Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-47561 (GCVE-0-2024-47561)
Vulnerability from cvelistv5 – Published: 2024-10-03 10:23 – Updated: 2024-10-21 08:51
VLAI
EPSS
Title
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)
Summary
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
3 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Avro Java SDK |
Affected:
0 , < 1.11.4
(semver)
|
|
| apache | avro |
Affected:
0 , < 1.11.4
(semver)
cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:* |
Credits
Kostya Kortchinsky, from the Databricks Security Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-11T22:03:16.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/03/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241011-0003/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:*"
],
"defaultStatus": "unknown",
"product": "avro",
"vendor": "apache",
"versions": [
{
"lessThan": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:53:44.038603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:59:41.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.avro:avro",
"product": "Apache Avro Java SDK",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kostya Kortchinsky, from the Databricks Security Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\u003cbr\u003eUsers are recommended to upgrade to version 1.11.4\u0026nbsp; or 1.12.0, which fix this issue."
}
],
"value": "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4\u00a0 or 1.12.0, which fix this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T08:51:22.972Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-47561",
"datePublished": "2024-10-03T10:23:16.214Z",
"dateReserved": "2024-09-27T07:06:47.522Z",
"dateUpdated": "2024-10-21T08:51:22.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-47561",
"date": "2026-06-05",
"epss": "0.00674",
"percentile": "0.71855"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47561\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-10-03T11:15:13.510\",\"lastModified\":\"2025-07-10T21:04:01.920\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\\nUsers are recommended to upgrade to version 1.11.4\u00a0 or 1.12.0, which fix this issue.\"},{\"lang\":\"es\",\"value\":\"El an\u00e1lisis de esquemas en el SDK de Java de Apache Avro 1.11.3 y versiones anteriores permite que actores maliciosos ejecuten c\u00f3digo arbitrario. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.11.4 o 1.12.0, que solucionan este problema.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.2,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:*\",\"versionEndExcluding\":\"1.11.4\",\"matchCriteriaId\":\"6C46991D-B086-4087-9458-DAE10A86DE36\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25FA7A4D-B0E2-423E-8146-E221AE2D6120\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/10/03/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20241011-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/10/03/1\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241011-0003/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-10-11T22:03:16.050Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47561\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-03T18:53:44.038603Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:*\"], \"vendor\": \"apache\", \"product\": \"avro\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.11.4\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-03T18:55:37.785Z\"}}], \"cna\": {\"title\": \"Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Kostya Kortchinsky, from the Databricks Security Team\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"critical\"}}}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Avro Java SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.11.4\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.avro:avro\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\\nUsers are recommended to upgrade to version 1.11.4\\u00a0 or 1.12.0, which fix this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\u003cbr\u003eUsers are recommended to upgrade to version 1.11.4\u0026nbsp; or 1.12.0, which fix this issue.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-10-21T08:51:22.972Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-47561\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T08:51:22.972Z\", \"dateReserved\": \"2024-09-27T07:06:47.522Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-10-03T10:23:16.214Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2024:7812
Vulnerability from csaf_redhat - Published: 2024-10-08 16:04 - Updated: 2026-06-01 22:08Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
Severity
Critical
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Critical
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7812",
"url": "https://access.redhat.com/errata/RHSA-2024:7812"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7812.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update",
"tracking": {
"current_release_date": "2026-06-01T22:08:11+00:00",
"generator": {
"date": "2026-06-01T22:08:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:7812",
"initial_release_date": "2024-10-08T16:04:06+00:00",
"revision_history": [
{
"date": "2024-10-08T16:04:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-23T23:09:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-01T22:08:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2024-10-02T14:04:06.018000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316116"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47561"
},
{
"category": "external",
"summary": "RHBZ#2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
}
],
"release_date": "2024-10-03T12:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-08T16:04:06+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7812"
},
{
"category": "workaround",
"details": "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)"
}
]
}
RHSA-2024:7861
Vulnerability from csaf_redhat - Published: 2024-10-09 12:35 - Updated: 2026-04-30 13:26Summary
Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.5 GA ]
Severity
Critical
Notes
Topic: An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Red Hat build of Apicurio Registry 2.6.5 GA includes the following security fixes.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) [rhint-serv-2] (CVE-2024-47561)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apicurio Registry 2.6.5 GA
Red Hat / Red Hat Integration
|
cpe:/a:redhat:apicurio_registry:2.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Critical
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat build of Apicurio Registry 2.6.5 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) [rhint-serv-2] (CVE-2024-47561)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7861",
"url": "https://access.redhat.com/errata/RHSA-2024:7861"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_build_of_apicurio_registry/2.6",
"url": "https://docs.redhat.com/en/documentation/red_hat_build_of_apicurio_registry/2.6"
},
{
"category": "external",
"summary": "2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7861.json"
}
],
"title": "Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.5 GA ]",
"tracking": {
"current_release_date": "2026-04-30T13:26:57+00:00",
"generator": {
"date": "2026-04-30T13:26:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2024:7861",
"initial_release_date": "2024-10-09T12:35:14+00:00",
"revision_history": [
{
"date": "2024-10-09T12:35:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-09T12:35:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:26:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apicurio Registry 2.6.5 GA",
"product": {
"name": "Red Hat build of Apicurio Registry 2.6.5 GA",
"product_id": "Red Hat build of Apicurio Registry 2.6.5 GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apicurio_registry:2.6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2024-10-02T14:04:06.018000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316116"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apicurio Registry 2.6.5 GA"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47561"
},
{
"category": "external",
"summary": "RHBZ#2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
}
],
"release_date": "2024-10-03T12:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-09T12:35:14+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.5 GA"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7861"
},
{
"category": "workaround",
"details": "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.5 GA"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apicurio Registry 2.6.5 GA"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)"
}
]
}
RHSA-2024:7972
Vulnerability from csaf_redhat - Published: 2024-10-10 14:00 - Updated: 2026-06-02 15:18Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1)
Severity
Critical
Notes
Topic: An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Red Hat Product Security has rated this update as having a security impact of Critical.
Details: An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:
* CVE-2024-47561 org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE)
* CVE-2024-7254 com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4 for Quarkus 3
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:camel_quarkus:3.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4 for Quarkus 3
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:camel_quarkus:3.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Critical
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\nRed Hat Product Security has rated this update as having a security impact of Critical.",
"title": "Topic"
},
{
"category": "general",
"text": "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n* CVE-2024-47561 org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE)\n* CVE-2024-7254 com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7972",
"url": "https://access.redhat.com/errata/RHSA-2024:7972"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7972.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1)",
"tracking": {
"current_release_date": "2026-06-02T15:18:32+00:00",
"generator": {
"date": "2026-06-02T15:18:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:7972",
"initial_release_date": "2024-10-10T14:00:25+00:00",
"revision_history": [
{
"date": "2024-10-10T14:00:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-10T14:00:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:18:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4 for Quarkus 3",
"product": {
"name": "Red Hat build of Apache Camel 4 for Quarkus 3",
"product_id": "Red Hat build of Apache Camel 4 for Quarkus 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:camel_quarkus:3.8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-09-19T01:20:29.981665+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313454"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf: StackOverflow vulnerability in Protocol Buffers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack\u0027s capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-7254"
},
{
"category": "external",
"summary": "RHBZ#2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa",
"url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
}
],
"release_date": "2024-09-19T01:15:10.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-10T14:00:25+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7972"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobuf: StackOverflow vulnerability in Protocol Buffers"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2024-10-02T14:04:06.018000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316116"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47561"
},
{
"category": "external",
"summary": "RHBZ#2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
}
],
"release_date": "2024-10-03T12:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-10T14:00:25+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7972"
},
{
"category": "workaround",
"details": "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.",
"product_ids": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)"
}
]
}
RHSA-2024:8064
Vulnerability from csaf_redhat - Published: 2024-10-14 15:53 - Updated: 2026-06-01 17:19Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.3 for Spring Boot security update.
Severity
Critical
Notes
Topic: Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)
* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)
* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* org.springframework/spring-web: Spring Framework DoS via conditional HTTP request (CVE-2024-38809)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.3 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_spring_boot:4.4.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.3 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_spring_boot:4.4.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Spring Web (org.springframework:spring-web) package. Due to improper ETag prefix validation when the application parses ETags from the `If-Match` or `If-None-Match` request headers, an attacker can trigger a denial of service by sending a maliciously crafted conditional HTTP request.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.3 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_spring_boot:4.4.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a FileSystemResource location.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.3 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_spring_boot:4.4.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This issue impacts use cases where org.hl7.fhir.core is being used within a host where external clients can submit XML.
8.6 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.3 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_spring_boot:4.4.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.3 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_spring_boot:4.4.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Critical
References
42 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)\n\n* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)\n\n* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* org.springframework/spring-web: Spring Framework DoS via conditional HTTP request (CVE-2024-38809)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8064",
"url": "https://access.redhat.com/errata/RHSA-2024:8064"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "2309764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309764"
},
{
"category": "external",
"summary": "2310447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310447"
},
{
"category": "external",
"summary": "2312060",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312060"
},
{
"category": "external",
"summary": "2314495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314495"
},
{
"category": "external",
"summary": "2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8064.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.3 for Spring Boot security update.",
"tracking": {
"current_release_date": "2026-06-01T17:19:32+00:00",
"generator": {
"date": "2026-06-01T17:19:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:8064",
"initial_release_date": "2024-10-14T15:53:39+00:00",
"revision_history": [
{
"date": "2024-10-14T15:53:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-14T15:53:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-01T17:19:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.4.3 for Spring Boot",
"product": {
"name": "Red Hat build of Apache Camel 4.4.3 for Spring Boot",
"product_id": "Red Hat build of Apache Camel 4.4.3 for Spring Boot",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.4.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52428",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-09-04T17:02:58.468000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2309764"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-52428"
},
{
"category": "external",
"summary": "RHBZ#2309764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-52428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52428"
}
],
"release_date": "2024-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T15:53:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8064"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-09-19T01:20:29.981665+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313454"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf: StackOverflow vulnerability in Protocol Buffers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack\u0027s capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-7254"
},
{
"category": "external",
"summary": "RHBZ#2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa",
"url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
}
],
"release_date": "2024-09-19T01:15:10.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T15:53:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8064"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobuf: StackOverflow vulnerability in Protocol Buffers"
},
{
"cve": "CVE-2024-38809",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-24T20:00:28.839621+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Spring Web (org.springframework:spring-web) package. Due to improper ETag prefix validation when the application parses ETags from the `If-Match` or `If-None-Match` request headers, an attacker can trigger a denial of service by sending a maliciously crafted conditional HTTP request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.springframework:spring-web: Spring Framework DoS via conditional HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-38809"
},
{
"category": "external",
"summary": "RHBZ#2314495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-38809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38809"
},
{
"category": "external",
"summary": "http://github.com/spring-projects/spring-framework",
"url": "http://github.com/spring-projects/spring-framework"
},
{
"category": "external",
"summary": "https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3",
"url": "https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3"
},
{
"category": "external",
"summary": "https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533",
"url": "https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533"
},
{
"category": "external",
"summary": "https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85",
"url": "https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85"
},
{
"category": "external",
"summary": "https://github.com/spring-projects/spring-framework/issues/33372",
"url": "https://github.com/spring-projects/spring-framework/issues/33372"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-38809",
"url": "https://spring.io/security/cve-2024-38809"
}
],
"release_date": "2024-09-24T18:34:43+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T15:53:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8064"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.springframework:spring-web: Spring Framework DoS via conditional HTTP request"
},
{
"cve": "CVE-2024-38816",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-09-13T06:20:08.422867+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312060"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a FileSystemResource location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Path traversal vulnerabilities in applications that serve static resources via RouterFunctions and FileSystemResource pose a important security risk, as they allow attackers to bypass access controls and retrieve arbitrary files from the server\u0027s filesystem. This type of attack can lead to unauthorized exposure of sensitive data, such as configuration files, environment variables, or authentication credentials. If exploited, it can further facilitate privilege escalation, lateral movement, or remote code execution within the system. Given the broad access it grants to the server\u0027s filesystem, the potential for system compromise makes path traversal vulnerabilities a high-severity issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-38816"
},
{
"category": "external",
"summary": "RHBZ#2312060",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312060"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-38816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38816"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-38816",
"url": "https://spring.io/security/cve-2024-38816"
}
],
"release_date": "2024-09-13T06:15:11.190000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T15:53:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8064"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource"
},
{
"cve": "CVE-2024-45294",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2024-09-06T16:20:11.403869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This issue impacts use cases where org.hl7.fhir.core is being used within a host where external clients can submit XML.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is of significant severity because it allows for XML External Entity (XXE) injection, which can lead to unauthorized access and leakage of sensitive data from the host system. In environments where external clients are permitted to submit XML files, an attacker could craft a malicious XML containing a DTD (Document Type Definition) that references external entities. When processed, this could result in the unauthorized disclosure of files, environmental variables, or other confidential data from the server, potentially compromising the integrity and confidentiality of the system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45294"
},
{
"category": "external",
"summary": "RHBZ#2310447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45294"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45294",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45294"
},
{
"category": "external",
"summary": "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23",
"url": "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23"
},
{
"category": "external",
"summary": "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf",
"url": "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf"
}
],
"release_date": "2024-09-06T16:15:03.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T15:53:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8064"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2024-10-02T14:04:06.018000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316116"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47561"
},
{
"category": "external",
"summary": "RHBZ#2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
}
],
"release_date": "2024-10-03T12:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T15:53:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8064"
},
{
"category": "workaround",
"details": "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.3 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)"
}
]
}
RHSA-2024:8093
Vulnerability from csaf_redhat - Published: 2024-10-14 19:55 - Updated: 2026-04-30 13:27Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Critical
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8093",
"url": "https://access.redhat.com/errata/RHSA-2024:8093"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8093.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update",
"tracking": {
"current_release_date": "2026-04-30T13:27:00+00:00",
"generator": {
"date": "2026-04-30T13:27:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2024:8093",
"initial_release_date": "2024-10-14T19:55:01+00:00",
"revision_history": [
{
"date": "2024-10-14T19:55:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-14T19:55:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:27:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2024-10-02T14:04:06.018000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316116"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47561"
},
{
"category": "external",
"summary": "RHBZ#2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
}
],
"release_date": "2024-10-03T12:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T19:55:01+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8093"
},
{
"category": "workaround",
"details": "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)"
}
]
}
RHSA-2024:8339
Vulnerability from csaf_redhat - Published: 2024-10-22 18:29 - Updated: 2026-04-30 13:27Summary
Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update.
Severity
Important
Notes
Topic: Red Hat Integration Camel K 1.10.8 release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Camel K 1.10.8 is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding (CVE-2024-28752)
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
* org.apache.camel-camel-cassandraql: : Apache Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository (CVE-2024-23114)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE important page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A deserialization of untrusted data flaw was found in the Apache Camel CassandraQL Component AggregationRepository. The affected versions of Apache Camel are vulnerable to unsafe deserialization, where, under specific conditions, it is possible to deserialize a malicious payload.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-K 1.10.8
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_k:1.10.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-K 1.10.8
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_k:1.10.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-K 1.10.8
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_k:1.10.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Integration Camel K 1.10.8 release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Camel K 1.10.8 is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding (CVE-2024-28752)\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\n* org.apache.camel-camel-cassandraql: : Apache Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository (CVE-2024-23114)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE important page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8339",
"url": "https://access.redhat.com/errata/RHSA-2024:8339"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2265053",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265053"
},
{
"category": "external",
"summary": "2270732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732"
},
{
"category": "external",
"summary": "2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8339.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update.",
"tracking": {
"current_release_date": "2026-04-30T13:27:10+00:00",
"generator": {
"date": "2026-04-30T13:27:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2024:8339",
"initial_release_date": "2024-10-22T18:29:33+00:00",
"revision_history": [
{
"date": "2024-10-22T18:29:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-22T18:29:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:27:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHINT Camel-K 1.10.8",
"product": {
"name": "RHINT Camel-K 1.10.8",
"product_id": "RHINT Camel-K 1.10.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:camel_k:1.10.8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-23114",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265053"
}
],
"notes": [
{
"category": "description",
"text": "A deserialization of untrusted data flaw was found in the Apache Camel CassandraQL Component AggregationRepository. The affected versions of Apache Camel are vulnerable to unsafe deserialization, where, under specific conditions, it is possible to deserialize a malicious payload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-K 1.10.8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23114"
},
{
"category": "external",
"summary": "RHBZ#2265053",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265053"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23114"
},
{
"category": "external",
"summary": "https://camel.apache.org/",
"url": "https://camel.apache.org/"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/CAMEL-20306",
"url": "https://issues.apache.org/jira/browse/CAMEL-20306"
}
],
"release_date": "2024-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T18:29:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-K 1.10.8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8339"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-K 1.10.8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository"
},
{
"cve": "CVE-2024-28752",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270732"
}
],
"notes": [
{
"category": "description",
"text": "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-K 1.10.8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28752"
},
{
"category": "external",
"summary": "RHBZ#2270732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qmgx-j96g-4428",
"url": "https://github.com/advisories/GHSA-qmgx-j96g-4428"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T18:29:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-K 1.10.8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8339"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.",
"product_ids": [
"RHINT Camel-K 1.10.8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-K 1.10.8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2024-10-02T14:04:06.018000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316116"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-K 1.10.8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47561"
},
{
"category": "external",
"summary": "RHBZ#2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
}
],
"release_date": "2024-10-03T12:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T18:29:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-K 1.10.8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8339"
},
{
"category": "workaround",
"details": "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.",
"product_ids": [
"RHINT Camel-K 1.10.8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-K 1.10.8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)"
}
]
}
WID-SEC-W-2024-3111
Vulnerability from csaf_certbund - Published: 2024-10-08 22:00 - Updated: 2024-11-24 23:00Summary
Red Hat JBoss Enterprise Application Platform: Schwachstelle ermöglicht Codeausführung
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Es besteht eine Schwachstelle in Red Hat JBoss Enterprise Application Platform. Dieser Fehler betrifft den Apache Avro aufgrund der unsachgemäßen Behandlung von vom Benutzer bereitgestellten Schemata, insbesondere solchen mit dem Attribut „java-class“. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er ein bösartiges Schema einreicht.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform <7.4
Red Hat / JBoss Enterprise Application Platform
|
<7.4 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.11
Red Hat / JBoss Enterprise Application Platform
|
<7.3.11 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.8
Red Hat / JBoss Enterprise Application Platform
|
<7.1.8 |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3111 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3111.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3111 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3111"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-08",
"url": "https://access.redhat.com/errata/RHSA-2024:7811"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-08",
"url": "https://access.redhat.com/errata/RHSA-2024:7812"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7861 vom 2024-10-09",
"url": "https://access.redhat.com/errata/RHSA-2024:7861"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10207 vom 2024-11-25",
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10208 vom 2024-11-25",
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2024-11-24T23:00:00.000+00:00",
"generator": {
"date": "2024-11-25T09:11:51.578+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3111",
"initial_release_date": "2024-10-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-09T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-24T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.4",
"product_id": "T038033"
}
},
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4",
"product_id": "T038033-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.1.8",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.1.8",
"product_id": "T039411"
}
},
{
"category": "product_version",
"name": "7.1.8",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.1.8",
"product_id": "T039411-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.3.11",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.3.11",
"product_id": "T039412"
}
},
{
"category": "product_version",
"name": "7.3.11",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3.11",
"product_id": "T039412-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.11"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47561",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat JBoss Enterprise Application Platform. Dieser Fehler betrifft den Apache Avro aufgrund der unsachgem\u00e4\u00dfen Behandlung von vom Benutzer bereitgestellten Schemata, insbesondere solchen mit dem Attribut \u201ejava-class\u201c. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, indem er ein b\u00f6sartiges Schema einreicht."
}
],
"product_status": {
"known_affected": [
"T038033",
"67646",
"T039412",
"T039411"
]
},
"release_date": "2024-10-08T22:00:00.000+00:00",
"title": "CVE-2024-47561"
}
]
}
WID-SEC-W-2024-3147
Vulnerability from csaf_certbund - Published: 2024-10-10 22:00 - Updated: 2025-11-10 23:00Summary
Red Hat Produkte: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Red Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu können.
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Red Hat JBoss Data Grid ist eine verteilte In-Memory-Datenbank für den schnellen Zugriff auf große Datenvolumen und Skalierbarkeit.
Angriff: Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat-Produkten ausnutzen, um Dateien zu manipulieren, beliebigen Code auszuführen und einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Cryostat 3
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:cryostat_3
|
Cryostat 3 | |
|
Red Hat JBoss Enterprise Application Platform Quarkus <3.2.12.SP1
Red Hat / JBoss Enterprise Application Platform
|
Quarkus <3.2.12.SP1 | ||
|
Red Hat OpenShift
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Apache Camel
Apache
|
cpe:/a:apache:camel:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform Quarkus <3.8.6.SP1
Red Hat / JBoss Enterprise Application Platform
|
Quarkus <3.8.6.SP1 | ||
|
Red Hat JBoss Data Grid 8
Red Hat / JBoss Data Grid
|
cpe:/a:redhat:jboss_data_grid:8
|
8 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux AI
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:ai
|
AI | |
|
Splunk Splunk Enterprise <9.2.8
Splunk / Splunk Enterprise
|
<9.2.8 | ||
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.23
Red Hat / JBoss Enterprise Application Platform
|
<7.4.23 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Splunk Splunk Enterprise <9.4.4
Splunk / Splunk Enterprise
|
<9.4.4 | ||
|
Splunk Splunk Enterprise <9.3.6
Splunk / Splunk Enterprise
|
<9.3.6 | ||
|
Splunk Splunk Enterprise <10.0.1
Splunk / Splunk Enterprise
|
<10.0.1 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Cryostat 3
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:cryostat_3
|
Cryostat 3 | |
|
Red Hat JBoss Enterprise Application Platform Quarkus <3.2.12.SP1
Red Hat / JBoss Enterprise Application Platform
|
Quarkus <3.2.12.SP1 | ||
|
Red Hat OpenShift
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Apache Camel
Apache
|
cpe:/a:apache:camel:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform Quarkus <3.8.6.SP1
Red Hat / JBoss Enterprise Application Platform
|
Quarkus <3.8.6.SP1 | ||
|
Red Hat JBoss Data Grid 8
Red Hat / JBoss Data Grid
|
cpe:/a:redhat:jboss_data_grid:8
|
8 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux AI
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:ai
|
AI | |
|
Splunk Splunk Enterprise <9.2.8
Splunk / Splunk Enterprise
|
<9.2.8 | ||
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.23
Red Hat / JBoss Enterprise Application Platform
|
<7.4.23 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Splunk Splunk Enterprise <9.4.4
Splunk / Splunk Enterprise
|
<9.4.4 | ||
|
Splunk Splunk Enterprise <9.3.6
Splunk / Splunk Enterprise
|
<9.3.6 | ||
|
Splunk Splunk Enterprise <10.0.1
Splunk / Splunk Enterprise
|
<10.0.1 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Cryostat 3
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:cryostat_3
|
Cryostat 3 | |
|
Red Hat JBoss Enterprise Application Platform Quarkus <3.2.12.SP1
Red Hat / JBoss Enterprise Application Platform
|
Quarkus <3.2.12.SP1 | ||
|
Red Hat OpenShift
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Apache Camel
Apache
|
cpe:/a:apache:camel:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform Quarkus <3.8.6.SP1
Red Hat / JBoss Enterprise Application Platform
|
Quarkus <3.8.6.SP1 | ||
|
Red Hat JBoss Data Grid 8
Red Hat / JBoss Data Grid
|
cpe:/a:redhat:jboss_data_grid:8
|
8 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux AI
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:ai
|
AI | |
|
Splunk Splunk Enterprise <9.2.8
Splunk / Splunk Enterprise
|
<9.2.8 | ||
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.23
Red Hat / JBoss Enterprise Application Platform
|
<7.4.23 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Splunk Splunk Enterprise <9.4.4
Splunk / Splunk Enterprise
|
<9.4.4 | ||
|
Splunk Splunk Enterprise <9.3.6
Splunk / Splunk Enterprise
|
<9.3.6 | ||
|
Splunk Splunk Enterprise <10.0.1
Splunk / Splunk Enterprise
|
<10.0.1 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Cryostat 3
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:cryostat_3
|
Cryostat 3 | |
|
Red Hat JBoss Enterprise Application Platform Quarkus <3.2.12.SP1
Red Hat / JBoss Enterprise Application Platform
|
Quarkus <3.2.12.SP1 | ||
|
Red Hat OpenShift
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Apache Camel
Apache
|
cpe:/a:apache:camel:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform Quarkus <3.8.6.SP1
Red Hat / JBoss Enterprise Application Platform
|
Quarkus <3.8.6.SP1 | ||
|
Red Hat JBoss Data Grid 8
Red Hat / JBoss Data Grid
|
cpe:/a:redhat:jboss_data_grid:8
|
8 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux AI
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:ai
|
AI | |
|
Splunk Splunk Enterprise <9.2.8
Splunk / Splunk Enterprise
|
<9.2.8 | ||
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.23
Red Hat / JBoss Enterprise Application Platform
|
<7.4.23 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Splunk Splunk Enterprise <9.4.4
Splunk / Splunk Enterprise
|
<9.4.4 | ||
|
Splunk Splunk Enterprise <9.3.6
Splunk / Splunk Enterprise
|
<9.3.6 | ||
|
Splunk Splunk Enterprise <10.0.1
Splunk / Splunk Enterprise
|
<10.0.1 |
References
16 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.\r\nRed Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu k\u00f6nnen.\r\nRed Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.\r\nApache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.\r\nJBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.\r\nRed Hat JBoss Data Grid ist eine verteilte In-Memory-Datenbank f\u00fcr den schnellen Zugriff auf gro\u00dfe Datenvolumen und Skalierbarkeit.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat-Produkten ausnutzen, um Dateien zu manipulieren, beliebigen Code auszuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3147 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3147.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3147 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3147"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-10",
"url": "https://access.redhat.com/errata/RHSA-2024:7670"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-10",
"url": "https://access.redhat.com/errata/RHSA-2024:7676"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-10",
"url": "https://access.redhat.com/errata/RHSA-2024:7972"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8093 vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8093"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8329 vom 2024-10-22",
"url": "https://access.redhat.com/errata/RHSA-2024:8329"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9571 vom 2024-11-13",
"url": "https://access.redhat.com/errata/RHSA-2024:9571"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2693 vom 2024-11-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2693.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20241213-0010 vom 2024-12-13",
"url": "https://security.netapp.com/advisory/ntap-20241213-0010/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0664 vom 2025-01-23",
"url": "https://access.redhat.com/errata/RHSA-2025:0664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7620 vom 2025-05-14",
"url": "https://access.redhat.com/errata/RHSA-2025:7620"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7629-2 vom 2025-09-03",
"url": "https://ubuntu.com/security/notices/USN-7629-2"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2025-1007 vom 2025-10-01",
"url": "https://advisory.splunk.com//advisories/SVD-2025-1007"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:20052 vom 2025-11-10",
"url": "https://access.redhat.com/errata/RHSA-2025:20052"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:20057 vom 2025-11-10",
"url": "https://access.redhat.com/errata/RHSA-2025:20057"
}
],
"source_lang": "en-US",
"title": "Red Hat Produkte: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-10T23:00:00.000+00:00",
"generator": {
"date": "2025-11-11T07:07:22.554+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-3147",
"initial_release_date": "2024-10-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "3",
"summary": "Anpassung im Text"
},
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-13T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-17T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-12-12T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-14T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-02T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2025-11-10T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Apache Camel",
"product": {
"name": "Apache Camel",
"product_id": "T038266",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:-"
}
}
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T016960",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Cryostat 3",
"product": {
"name": "Red Hat Enterprise Linux Cryostat 3",
"product_id": "T036943",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:cryostat_3"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "Red Hat Enterprise Linux 7",
"product_id": "T038260",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T038261",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T038262",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
},
{
"category": "product_version",
"name": "AI",
"product": {
"name": "Red Hat Enterprise Linux AI",
"product_id": "T038263",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:ai"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat JBoss Data Grid 8",
"product_id": "T038268",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:8"
}
}
}
],
"category": "product_name",
"name": "JBoss Data Grid"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Quarkus \u003c3.8.6.SP1",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform Quarkus \u003c3.8.6.SP1",
"product_id": "T038267"
}
},
{
"category": "product_version",
"name": "Quarkus 3.8.6.SP1",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform Quarkus 3.8.6.SP1",
"product_id": "T038267-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:quarkus__3.8.6.sp1"
}
}
},
{
"category": "product_version_range",
"name": "Quarkus \u003c3.2.12.SP1",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform Quarkus \u003c3.2.12.SP1",
"product_id": "T038269"
}
},
{
"category": "product_version",
"name": "Quarkus 3.2.12.SP1",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform Quarkus 3.2.12.SP1",
"product_id": "T038269-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:quarkus__3.2.12.sp1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.23",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.4.23",
"product_id": "T045348"
}
},
{
"category": "product_version",
"name": "7.4.23",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4.23",
"product_id": "T045348-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4.23"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "T038265",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
},
{
"category": "product_version_range",
"name": "Serverless Logic \u003c1.35.0",
"product": {
"name": "Red Hat OpenShift Serverless Logic \u003c1.35.0",
"product_id": "T040597"
}
},
{
"category": "product_version",
"name": "Serverless Logic 1.35.0",
"product": {
"name": "Red Hat OpenShift Serverless Logic 1.35.0",
"product_id": "T040597-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:serverless_logic__1.35.0"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "16.2",
"product": {
"name": "Red Hat OpenStack 16.2",
"product_id": "T038264",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2"
}
}
}
],
"category": "product_name",
"name": "OpenStack"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c10.0.1",
"product_id": "T047323"
}
},
{
"category": "product_version",
"name": "10.0.1",
"product": {
"name": "Splunk Splunk Enterprise 10.0.1",
"product_id": "T047323-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:10.0.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.4",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.4",
"product_id": "T047324"
}
},
{
"category": "product_version",
"name": "9.4.4",
"product": {
"name": "Splunk Splunk Enterprise 9.4.4",
"product_id": "T047324-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.6",
"product_id": "T047325"
}
},
{
"category": "product_version",
"name": "9.3.6",
"product": {
"name": "Splunk Splunk Enterprise 9.3.6",
"product_id": "T047325-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.8",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.8",
"product_id": "T047326"
}
},
{
"category": "product_version",
"name": "9.2.8",
"product": {
"name": "Splunk Splunk Enterprise 9.2.8",
"product_id": "T047326-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.8"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-44549",
"product_status": {
"known_affected": [
"67646",
"T036943",
"T038269",
"T038265",
"T016960",
"T038266",
"T038267",
"T038268",
"T038261",
"T038262",
"T038263",
"T047326",
"T038264",
"T045348",
"T000126",
"T038260",
"398363",
"T040597",
"T047324",
"T047325",
"T047323"
]
},
"release_date": "2024-10-10T22:00:00.000+00:00",
"title": "CVE-2021-44549"
},
{
"cve": "CVE-2024-40094",
"product_status": {
"known_affected": [
"67646",
"T036943",
"T038269",
"T038265",
"T016960",
"T038266",
"T038267",
"T038268",
"T038261",
"T038262",
"T038263",
"T047326",
"T038264",
"T045348",
"T000126",
"T038260",
"398363",
"T040597",
"T047324",
"T047325",
"T047323"
]
},
"release_date": "2024-10-10T22:00:00.000+00:00",
"title": "CVE-2024-40094"
},
{
"cve": "CVE-2024-47561",
"product_status": {
"known_affected": [
"67646",
"T036943",
"T038269",
"T038265",
"T016960",
"T038266",
"T038267",
"T038268",
"T038261",
"T038262",
"T038263",
"T047326",
"T038264",
"T045348",
"T000126",
"T038260",
"398363",
"T040597",
"T047324",
"T047325",
"T047323"
]
},
"release_date": "2024-10-10T22:00:00.000+00:00",
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-7254",
"product_status": {
"known_affected": [
"67646",
"T036943",
"T038269",
"T038265",
"T016960",
"T038266",
"T038267",
"T038268",
"T038261",
"T038262",
"T038263",
"T047326",
"T038264",
"T045348",
"T000126",
"T038260",
"398363",
"T040597",
"T047324",
"T047325",
"T047323"
]
},
"release_date": "2024-10-10T22:00:00.000+00:00",
"title": "CVE-2024-7254"
}
]
}
WID-SEC-W-2024-3180
Vulnerability from csaf_certbund - Published: 2024-10-14 22:00 - Updated: 2025-11-18 23:00Summary
Apache Camel und mehrere Red Hat Produkte: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.
JBoss A-MQ ist eine Messaging-Plattform.
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Red Hat JBoss Data Grid ist eine verteilte In-Memory-Datenbank für den schnellen Zugriff auf große Datenvolumen und Skalierbarkeit.
Angriff: Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Apache Camel und in mehreren Red Hat-Produkten ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben und beliebigen Code auszuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Integration Camel K 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_k_1
|
Camel K 1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:-
|
— | |
|
Red Hat JBoss Data Grid
Red Hat
|
cpe:/a:redhat:jboss_data_grid:-
|
— | |
|
Apache Camel <4.4.3
Apache / Camel
|
<4.4.3 | ||
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
Red Hat JBoss Enterprise Application Platform Quarkus
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:quarkus
|
Quarkus | |
|
Atlassian Bamboo <10.0.3
Atlassian / Bamboo
|
<10.0.3 | ||
|
Atlassian Bamboo <9.2.20
Atlassian / Bamboo
|
<9.2.20 | ||
|
Atlassian Bamboo <9.6.8
Atlassian / Bamboo
|
<9.6.8 | ||
|
IBM Cognos Analytics <11.2.4 IF4
IBM / Cognos Analytics
|
<11.2.4 IF4 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Cognos Analytics <12.0.4 IF2
IBM / Cognos Analytics
|
<12.0.4 IF2 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Red Hat JBoss A-MQ Streams 2
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:streams_2
|
Streams 2 | |
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Integration Camel K 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_k_1
|
Camel K 1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:-
|
— | |
|
Red Hat JBoss Data Grid
Red Hat
|
cpe:/a:redhat:jboss_data_grid:-
|
— | |
|
Apache Camel <4.4.3
Apache / Camel
|
<4.4.3 | ||
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
Red Hat JBoss Enterprise Application Platform Quarkus
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:quarkus
|
Quarkus | |
|
Atlassian Bamboo <10.0.3
Atlassian / Bamboo
|
<10.0.3 | ||
|
Atlassian Bamboo <9.2.20
Atlassian / Bamboo
|
<9.2.20 | ||
|
Atlassian Bamboo <9.6.8
Atlassian / Bamboo
|
<9.6.8 | ||
|
IBM Cognos Analytics <11.2.4 IF4
IBM / Cognos Analytics
|
<11.2.4 IF4 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Cognos Analytics <12.0.4 IF2
IBM / Cognos Analytics
|
<12.0.4 IF2 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Red Hat JBoss A-MQ Streams 2
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:streams_2
|
Streams 2 | |
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Integration Camel K 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_k_1
|
Camel K 1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:-
|
— | |
|
Red Hat JBoss Data Grid
Red Hat
|
cpe:/a:redhat:jboss_data_grid:-
|
— | |
|
Apache Camel <4.4.3
Apache / Camel
|
<4.4.3 | ||
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
Red Hat JBoss Enterprise Application Platform Quarkus
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:quarkus
|
Quarkus | |
|
Atlassian Bamboo <10.0.3
Atlassian / Bamboo
|
<10.0.3 | ||
|
Atlassian Bamboo <9.2.20
Atlassian / Bamboo
|
<9.2.20 | ||
|
Atlassian Bamboo <9.6.8
Atlassian / Bamboo
|
<9.6.8 | ||
|
IBM Cognos Analytics <11.2.4 IF4
IBM / Cognos Analytics
|
<11.2.4 IF4 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Cognos Analytics <12.0.4 IF2
IBM / Cognos Analytics
|
<12.0.4 IF2 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Red Hat JBoss A-MQ Streams 2
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:streams_2
|
Streams 2 | |
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Integration Camel K 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_k_1
|
Camel K 1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:-
|
— | |
|
Red Hat JBoss Data Grid
Red Hat
|
cpe:/a:redhat:jboss_data_grid:-
|
— | |
|
Apache Camel <4.4.3
Apache / Camel
|
<4.4.3 | ||
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
Red Hat JBoss Enterprise Application Platform Quarkus
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:quarkus
|
Quarkus | |
|
Atlassian Bamboo <10.0.3
Atlassian / Bamboo
|
<10.0.3 | ||
|
Atlassian Bamboo <9.2.20
Atlassian / Bamboo
|
<9.2.20 | ||
|
Atlassian Bamboo <9.6.8
Atlassian / Bamboo
|
<9.6.8 | ||
|
IBM Cognos Analytics <11.2.4 IF4
IBM / Cognos Analytics
|
<11.2.4 IF4 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Cognos Analytics <12.0.4 IF2
IBM / Cognos Analytics
|
<12.0.4 IF2 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Red Hat JBoss A-MQ Streams 2
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:streams_2
|
Streams 2 | |
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Integration Camel K 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_k_1
|
Camel K 1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:-
|
— | |
|
Atlassian Jira Data Center and Server <9.12.15 (LTS)
Atlassian / Jira
|
Data Center and Server <9.12.15 (LTS) | ||
|
Red Hat JBoss Data Grid
Red Hat
|
cpe:/a:redhat:jboss_data_grid:-
|
— | |
|
Apache Camel <4.4.3
Apache / Camel
|
<4.4.3 | ||
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
Red Hat JBoss Enterprise Application Platform Quarkus
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:quarkus
|
Quarkus | |
|
Atlassian Bamboo <10.0.3
Atlassian / Bamboo
|
<10.0.3 | ||
|
Atlassian Bamboo <9.2.20
Atlassian / Bamboo
|
<9.2.20 | ||
|
Atlassian Bamboo <9.6.8
Atlassian / Bamboo
|
<9.6.8 | ||
|
IBM Cognos Analytics <11.2.4 IF4
IBM / Cognos Analytics
|
<11.2.4 IF4 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Atlassian Jira Data Center and Server <10.3.1
Atlassian / Jira
|
Data Center and Server <10.3.1 | ||
|
IBM Cognos Analytics <12.0.4 IF2
IBM / Cognos Analytics
|
<12.0.4 IF2 | ||
|
Atlassian Jira Data Center and Server <9.17.5
Atlassian / Jira
|
Data Center and Server <9.17.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Red Hat JBoss A-MQ Streams 2
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:streams_2
|
Streams 2 | |
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
References
15 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.\r\nJBoss A-MQ ist eine Messaging-Plattform.\r\nJBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.\r\nRed Hat JBoss Data Grid ist eine verteilte In-Memory-Datenbank f\u00fcr den schnellen Zugriff auf gro\u00dfe Datenvolumen und Skalierbarkeit.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Apache Camel und in mehreren Red Hat-Produkten ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben und beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3180 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3180.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3180 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3180"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8064"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8339 vom 2024-10-22",
"url": "https://access.redhat.com/errata/RHSA-2024:8339"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8824 vom 2024-11-04",
"url": "https://access.redhat.com/errata/RHSA-2024:8824"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8823 vom 2024-11-04",
"url": "https://access.redhat.com/errata/RHSA-2024:8823"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8826 vom 2024-11-04",
"url": "https://access.redhat.com/errata/RHSA-2024:8826"
},
{
"category": "external",
"summary": "Atlassian November 2024 Security Bulletin vom 2024-11-19",
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1456179091"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11023 vom 2024-12-12",
"url": "https://access.redhat.com/errata/RHSA-2024:11023"
},
{
"category": "external",
"summary": "Atlassian Security Advisory JSWSERVER-26273 vom 2025-01-21",
"url": "https://confluence.atlassian.com/security/security-bulletin-january-21-2025-1489803942.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7183676 vom 2025-02-27",
"url": "https://www.ibm.com/support/pages/node/7183676"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2416 vom 2025-03-05",
"url": "https://access.redhat.com/errata/RHSA-2025:2416"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7248128 vom 2025-10-16",
"url": "https://www.ibm.com/support/pages/node/7248128"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
}
],
"source_lang": "en-US",
"title": "Apache Camel und mehrere Red Hat Produkte: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-18T23:00:00.000+00:00",
"generator": {
"date": "2025-11-19T09:42:53.264+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-3180",
"initial_release_date": "2024-10-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-04T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-12-12T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Atlassian aufgenommen"
},
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-03-05T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-20T23:00:00.000+00:00",
"number": "10",
"summary": "Produktzuordnung Atlassian Jira korrigiert"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.4.3",
"product": {
"name": "Apache Camel \u003c4.4.3",
"product_id": "T038353"
}
},
{
"category": "product_version",
"name": "4.4.3",
"product": {
"name": "Apache Camel 4.4.3",
"product_id": "T038353-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.4.3"
}
}
}
],
"category": "product_name",
"name": "Camel"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.3",
"product": {
"name": "Atlassian Bamboo \u003c10.0.3",
"product_id": "T039274"
}
},
{
"category": "product_version",
"name": "10.0.3",
"product": {
"name": "Atlassian Bamboo 10.0.3",
"product_id": "T039274-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.0.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.6.8",
"product": {
"name": "Atlassian Bamboo \u003c9.6.8",
"product_id": "T039275"
}
},
{
"category": "product_version",
"name": "9.6.8",
"product": {
"name": "Atlassian Bamboo 9.6.8",
"product_id": "T039275-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.20",
"product": {
"name": "Atlassian Bamboo \u003c9.2.20",
"product_id": "T039276"
}
},
{
"category": "product_version",
"name": "9.2.20",
"product": {
"name": "Atlassian Bamboo 9.2.20",
"product_id": "T039276-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.20"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.17.5",
"product": {
"name": "Atlassian Jira Data Center and Server \u003c9.17.5",
"product_id": "T040542"
}
},
{
"category": "product_version",
"name": "Data Center and Server 9.17.5",
"product": {
"name": "Atlassian Jira Data Center and Server 9.17.5",
"product_id": "T040542-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center_and_server__9.17.5"
}
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c10.3.1",
"product": {
"name": "Atlassian Jira Data Center and Server \u003c10.3.1",
"product_id": "T042108"
}
},
{
"category": "product_version",
"name": "Data Center and Server 10.3.1",
"product": {
"name": "Atlassian Jira Data Center and Server 10.3.1",
"product_id": "T042108-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center_and_server__10.3.1"
}
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.12.15 (LTS)",
"product": {
"name": "Atlassian Jira Data Center and Server \u003c9.12.15 (LTS)",
"product_id": "T042109"
}
},
{
"category": "product_version",
"name": "Data Center and Server 9.12.15 (LTS)",
"product": {
"name": "Atlassian Jira Data Center and Server 9.12.15 (LTS)",
"product_id": "T042109-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center_and_server__9.12.15_%2528lts%2529"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.0.4 IF2",
"product": {
"name": "IBM Cognos Analytics \u003c12.0.4 IF2",
"product_id": "T041469"
}
},
{
"category": "product_version",
"name": "12.0.4 IF2",
"product": {
"name": "IBM Cognos Analytics 12.0.4 IF2",
"product_id": "T041469-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:cognos_analytics:12.0.4_if2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.2.4 IF4",
"product": {
"name": "IBM Cognos Analytics \u003c11.2.4 IF4",
"product_id": "T041470"
}
},
{
"category": "product_version",
"name": "11.2.4 IF4",
"product": {
"name": "IBM Cognos Analytics 11.2.4 IF4",
"product_id": "T041470-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:cognos_analytics:11.2.4_if4"
}
}
}
],
"category": "product_name",
"name": "Cognos Analytics"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Camel K 1",
"product": {
"name": "Red Hat Integration Camel K 1",
"product_id": "T031972",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:camel_k_1"
}
}
}
],
"category": "product_name",
"name": "Integration"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss A-MQ",
"product": {
"name": "Red Hat JBoss A-MQ",
"product_id": "T038357",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:-"
}
}
},
{
"category": "product_version",
"name": "Streams 2",
"product": {
"name": "Red Hat JBoss A-MQ Streams 2",
"product_id": "T041596",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:streams_2"
}
}
}
],
"category": "product_name",
"name": "JBoss A-MQ"
},
{
"category": "product_name",
"name": "Red Hat JBoss Data Grid",
"product": {
"name": "Red Hat JBoss Data Grid",
"product_id": "T038358",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Quarkus",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform Quarkus",
"product_id": "T038356",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:quarkus"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52428",
"product_status": {
"known_affected": [
"T031972",
"67646",
"T038357",
"T038358",
"T038353",
"T038741",
"T038356",
"T039274",
"T039276",
"T039275",
"T041470",
"T021415",
"T041469",
"T048677",
"T041596",
"T048676",
"T048675"
]
},
"release_date": "2024-10-14T22:00:00.000+00:00",
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-38809",
"product_status": {
"known_affected": [
"T031972",
"67646",
"T038357",
"T038358",
"T038353",
"T038741",
"T038356",
"T039274",
"T039276",
"T039275",
"T041470",
"T021415",
"T041469",
"T048677",
"T041596",
"T048676",
"T048675"
]
},
"release_date": "2024-10-14T22:00:00.000+00:00",
"title": "CVE-2024-38809"
},
{
"cve": "CVE-2024-38816",
"product_status": {
"known_affected": [
"T031972",
"67646",
"T038357",
"T038358",
"T038353",
"T038741",
"T038356",
"T039274",
"T039276",
"T039275",
"T041470",
"T021415",
"T041469",
"T048677",
"T041596",
"T048676",
"T048675"
]
},
"release_date": "2024-10-14T22:00:00.000+00:00",
"title": "CVE-2024-38816"
},
{
"cve": "CVE-2024-45294",
"product_status": {
"known_affected": [
"T031972",
"67646",
"T038357",
"T038358",
"T038353",
"T038741",
"T038356",
"T039274",
"T039276",
"T039275",
"T041470",
"T021415",
"T041469",
"T048677",
"T041596",
"T048676",
"T048675"
]
},
"release_date": "2024-10-14T22:00:00.000+00:00",
"title": "CVE-2024-45294"
},
{
"cve": "CVE-2024-47561",
"product_status": {
"known_affected": [
"T031972",
"67646",
"T038357",
"T042109",
"T038358",
"T038353",
"T038741",
"T038356",
"T039274",
"T039276",
"T039275",
"T041470",
"T021415",
"T042108",
"T041469",
"T040542",
"T048677",
"T041596",
"T048676",
"T048675"
]
},
"release_date": "2024-10-14T22:00:00.000+00:00",
"title": "CVE-2024-47561"
}
]
}
WID-SEC-W-2025-0135
Vulnerability from csaf_certbund - Published: 2025-01-21 23:00 - Updated: 2025-01-21 23:00Summary
Oracle Communications Applications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.0.0
|
3.0.3.0.0 | |
|
Oracle Communications Applications 3.0.2.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.2.0.0
|
3.0.2.0.0 | |
|
Oracle Communications Applications 8.1.0.26
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.26
|
8.1.0.26 | |
|
Oracle Communications Applications 8.1.0.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.1
|
8.1.0.1 | |
|
Oracle Communications Applications 15.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0
|
15.0.0.0 | |
|
Oracle Communications Applications 8.0.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.0.0.3
|
8.0.0.3 | |
|
Oracle Communications Applications 15.0.1.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.1.0
|
15.0.1.0 | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
7.4.0 | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
7.4.1 | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
7.5.0 | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
7.4.2 | |
|
Oracle Communications Applications 3.0.3.3.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3.0
|
3.0.3.3.0 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <=6.0.5
Oracle / Communications Applications
|
<=6.0.5 | ||
|
Oracle Communications Applications <=12.0.0.8
Oracle / Communications Applications
|
<=12.0.0.8 | ||
|
Oracle Communications Applications <=15.0.0.1
Oracle / Communications Applications
|
<=15.0.0.1 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0135 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0135.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0135 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0135"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2025 - Appendix Oracle Communications Applications vom 2025-01-21",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html#AppendixCAGBU"
}
],
"source_lang": "en-US",
"title": "Oracle Communications Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-01-21T23:00:00.000+00:00",
"generator": {
"date": "2025-01-22T09:03:47.024+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2025-0135",
"initial_release_date": "2025-01-21T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.4.0",
"product": {
"name": "Oracle Communications Applications 7.4.0",
"product_id": "T018938",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.0"
}
}
},
{
"category": "product_version",
"name": "7.4.1",
"product": {
"name": "Oracle Communications Applications 7.4.1",
"product_id": "T018939",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=12.0.0.8",
"product": {
"name": "Oracle Communications Applications \u003c=12.0.0.8",
"product_id": "T034251"
}
},
{
"category": "product_version_range",
"name": "\u003c=12.0.0.8",
"product": {
"name": "Oracle Communications Applications \u003c=12.0.0.8",
"product_id": "T034251-fixed"
}
},
{
"category": "product_version",
"name": "15.0.0.0",
"product": {
"name": "Oracle Communications Applications 15.0.0.0",
"product_id": "T034252",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:15.0.0.0"
}
}
},
{
"category": "product_version",
"name": "7.4.2",
"product": {
"name": "Oracle Communications Applications 7.4.2",
"product_id": "T034254",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.2"
}
}
},
{
"category": "product_version",
"name": "7.5.0",
"product": {
"name": "Oracle Communications Applications 7.5.0",
"product_id": "T034255",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.5.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=6.0.5",
"product": {
"name": "Oracle Communications Applications \u003c=6.0.5",
"product_id": "T038372"
}
},
{
"category": "product_version_range",
"name": "\u003c=6.0.5",
"product": {
"name": "Oracle Communications Applications \u003c=6.0.5",
"product_id": "T038372-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=15.0.0.1",
"product": {
"name": "Oracle Communications Applications \u003c=15.0.0.1",
"product_id": "T040433"
}
},
{
"category": "product_version_range",
"name": "\u003c=15.0.0.1",
"product": {
"name": "Oracle Communications Applications \u003c=15.0.0.1",
"product_id": "T040433-fixed"
}
},
{
"category": "product_version",
"name": "15.0.1.0",
"product": {
"name": "Oracle Communications Applications 15.0.1.0",
"product_id": "T040434",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:15.0.1.0"
}
}
},
{
"category": "product_version",
"name": "8.0.0.3",
"product": {
"name": "Oracle Communications Applications 8.0.0.3",
"product_id": "T040435",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:8.0.0.3"
}
}
},
{
"category": "product_version",
"name": "8.1.0.1",
"product": {
"name": "Oracle Communications Applications 8.1.0.1",
"product_id": "T040436",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:8.1.0.1"
}
}
},
{
"category": "product_version",
"name": "8.1.0.26",
"product": {
"name": "Oracle Communications Applications 8.1.0.26",
"product_id": "T040437",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:8.1.0.26"
}
}
},
{
"category": "product_version",
"name": "3.0.2.0.0",
"product": {
"name": "Oracle Communications Applications 3.0.2.0.0",
"product_id": "T040438",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:3.0.2.0.0"
}
}
},
{
"category": "product_version",
"name": "3.0.3.0.0",
"product": {
"name": "Oracle Communications Applications 3.0.3.0.0",
"product_id": "T040439",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:3.0.3.0.0"
}
}
},
{
"category": "product_version",
"name": "3.0.3.3.0",
"product": {
"name": "Oracle Communications Applications 3.0.3.3.0",
"product_id": "T040440",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:3.0.3.3.0"
}
}
}
],
"category": "product_name",
"name": "Communications Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29408",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2023-29408"
},
{
"cve": "CVE-2024-0232",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-0232"
},
{
"cve": "CVE-2024-1442",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-1442"
},
{
"cve": "CVE-2024-24786",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-24786"
},
{
"cve": "CVE-2024-26308",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-27309",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-27309"
},
{
"cve": "CVE-2024-28849",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29133",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-29133"
},
{
"cve": "CVE-2024-35195",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2024-37371",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-37891",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38807",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-38807"
},
{
"cve": "CVE-2024-38827",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-38827"
},
{
"cve": "CVE-2024-47535",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-47535"
},
{
"cve": "CVE-2024-47554",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-6162",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-6162"
},
{
"cve": "CVE-2024-7254",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-7592",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2025-21542",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21542"
},
{
"cve": "CVE-2025-21544",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21544"
},
{
"cve": "CVE-2025-21554",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T040439",
"T040438",
"T040437",
"T040436",
"T034252",
"T040435",
"T040434",
"T018938",
"T018939",
"T034255",
"T034254",
"T040440"
],
"last_affected": [
"T038372",
"T034251",
"T040433"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21554"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…