Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-47561 (GCVE-0-2024-47561)
Vulnerability from cvelistv5 – Published: 2024-10-03 10:23 – Updated: 2024-10-21 08:51
VLAI
EPSS
Title
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)
Summary
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
3 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Avro Java SDK |
Affected:
0 , < 1.11.4
(semver)
|
|
| apache | avro |
Affected:
0 , < 1.11.4
(semver)
cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:* |
Credits
Kostya Kortchinsky, from the Databricks Security Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-11T22:03:16.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/03/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241011-0003/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:*"
],
"defaultStatus": "unknown",
"product": "avro",
"vendor": "apache",
"versions": [
{
"lessThan": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:53:44.038603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:59:41.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.avro:avro",
"product": "Apache Avro Java SDK",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kostya Kortchinsky, from the Databricks Security Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\u003cbr\u003eUsers are recommended to upgrade to version 1.11.4\u0026nbsp; or 1.12.0, which fix this issue."
}
],
"value": "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4\u00a0 or 1.12.0, which fix this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T08:51:22.972Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-47561",
"datePublished": "2024-10-03T10:23:16.214Z",
"dateReserved": "2024-09-27T07:06:47.522Z",
"dateUpdated": "2024-10-21T08:51:22.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-47561",
"date": "2026-06-05",
"epss": "0.00674",
"percentile": "0.71855"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47561\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-10-03T11:15:13.510\",\"lastModified\":\"2025-07-10T21:04:01.920\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\\nUsers are recommended to upgrade to version 1.11.4\u00a0 or 1.12.0, which fix this issue.\"},{\"lang\":\"es\",\"value\":\"El an\u00e1lisis de esquemas en el SDK de Java de Apache Avro 1.11.3 y versiones anteriores permite que actores maliciosos ejecuten c\u00f3digo arbitrario. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.11.4 o 1.12.0, que solucionan este problema.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.2,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:*\",\"versionEndExcluding\":\"1.11.4\",\"matchCriteriaId\":\"6C46991D-B086-4087-9458-DAE10A86DE36\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25FA7A4D-B0E2-423E-8146-E221AE2D6120\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/10/03/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20241011-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/10/03/1\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241011-0003/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-10-11T22:03:16.050Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47561\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-03T18:53:44.038603Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:*\"], \"vendor\": \"apache\", \"product\": \"avro\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.11.4\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-03T18:55:37.785Z\"}}], \"cna\": {\"title\": \"Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Kostya Kortchinsky, from the Databricks Security Team\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"critical\"}}}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Avro Java SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.11.4\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.avro:avro\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\\nUsers are recommended to upgrade to version 1.11.4\\u00a0 or 1.12.0, which fix this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\u003cbr\u003eUsers are recommended to upgrade to version 1.11.4\u0026nbsp; or 1.12.0, which fix this issue.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-10-21T08:51:22.972Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-47561\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T08:51:22.972Z\", \"dateReserved\": \"2024-09-27T07:06:47.522Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-10-03T10:23:16.214Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
WID-SEC-W-2025-0143
Vulnerability from csaf_certbund - Published: 2025-01-21 23:00 - Updated: 2025-08-17 22:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0143 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0143.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0143 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0143"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2025 - Appendix Oracle Fusion Middleware vom 2025-01-21",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html#AppendixFMW"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-17T22:00:00.000+00:00",
"generator": {
"date": "2025-08-18T11:50:24.468+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0143",
"initial_release_date": "2025-01-21T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-11T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-08-17T22:00:00.000+00:00",
"number": "3",
"summary": "Korrektur"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_version",
"name": "14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_version",
"name": "8.5.7",
"product": {
"name": "Oracle Fusion Middleware 8.5.7",
"product_id": "T034057",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
}
}
},
{
"category": "product_version",
"name": "14.1.2.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.2.0.0",
"product_id": "T040467",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.0.0"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12415",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2019-12415"
},
{
"cve": "CVE-2023-44483",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2023-44483"
},
{
"cve": "CVE-2023-49582",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2023-49582"
},
{
"cve": "CVE-2023-51775",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-7272",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2023-7272"
},
{
"cve": "CVE-2024-23635",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-23635"
},
{
"cve": "CVE-2024-29857",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-29857"
},
{
"cve": "CVE-2024-34750",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-37371",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-38475",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-38475"
},
{
"cve": "CVE-2024-38819",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-45492",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-47072",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-47072"
},
{
"cve": "CVE-2024-47554",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-5535",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-8096",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2024-8096"
},
{
"cve": "CVE-2025-21498",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21498"
},
{
"cve": "CVE-2025-21535",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21535"
},
{
"cve": "CVE-2025-21549",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21549"
}
]
}
WID-SEC-W-2025-0402
Vulnerability from csaf_certbund - Published: 2025-02-18 23:00 - Updated: 2025-02-18 23:00Summary
Atlassian Bitbucket: Schwachstelle ermöglicht Codeausführung
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Atlassian Bitbucket ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bitbucket <8.19.11
Atlassian / Bitbucket
|
<8.19.11 | ||
|
Atlassian Bitbucket <8.9.21
Atlassian / Bitbucket
|
<8.9.21 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Atlassian Bitbucket ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0402 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0402.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0402 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0402"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin vom 2025-02-18",
"url": "https://jira.atlassian.com/browse/BSERV-19827"
}
],
"source_lang": "en-US",
"title": "Atlassian Bitbucket: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2025-02-18T23:00:00.000+00:00",
"generator": {
"date": "2025-02-19T11:20:36.183+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0402",
"initial_release_date": "2025-02-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-02-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.9.21",
"product": {
"name": "Atlassian Bitbucket \u003c8.9.21",
"product_id": "T041292"
}
},
{
"category": "product_version",
"name": "8.9.21",
"product": {
"name": "Atlassian Bitbucket 8.9.21",
"product_id": "T041292-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.9.21"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.11",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.11",
"product_id": "T041293"
}
},
{
"category": "product_version",
"name": "8.19.11",
"product": {
"name": "Atlassian Bitbucket 8.19.11",
"product_id": "T041293-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.11"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
}
],
"category": "vendor",
"name": "Atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47561",
"product_status": {
"known_affected": [
"T041293",
"T041292"
]
},
"release_date": "2025-02-18T23:00:00.000+00:00",
"title": "CVE-2024-47561"
}
]
}
WID-SEC-W-2025-0818
Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-04-15 22:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0818 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0818.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0818 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0818"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Fusion Middleware vom 2025-04-15",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixFMW"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-15T22:00:00.000+00:00",
"generator": {
"date": "2025-04-16T09:16:22.604+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0818",
"initial_release_date": "2025-04-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_version",
"name": "14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_version",
"name": "8.5.7",
"product": {
"name": "Oracle Fusion Middleware 8.5.7",
"product_id": "T034057",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
}
}
},
{
"category": "product_version",
"name": "14.1.2.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.2.0.0",
"product_id": "T040467",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.0.0"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13936",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2020-13936"
},
{
"cve": "CVE-2020-25649",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2020-25649"
},
{
"cve": "CVE-2023-26464",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2023-26464"
},
{
"cve": "CVE-2024-11053",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-11612",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-11612"
},
{
"cve": "CVE-2024-25710",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-28168",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-28168"
},
{
"cve": "CVE-2024-29857",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-29857"
},
{
"cve": "CVE-2024-38476",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-38476"
},
{
"cve": "CVE-2024-40896",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-40896"
},
{
"cve": "CVE-2024-47072",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-47072"
},
{
"cve": "CVE-2024-47554",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-50602",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-52046",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-52046"
},
{
"cve": "CVE-2024-56337",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2024-7254",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-9143",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2025-23184",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-23184"
},
{
"cve": "CVE-2025-24970",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-24970"
},
{
"cve": "CVE-2025-27363",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-27363"
}
]
}
WID-SEC-W-2025-0919
Vulnerability from csaf_certbund - Published: 2025-05-01 22:00 - Updated: 2025-05-01 22:00Summary
LogStash: Schwachstelle ermöglicht Codeausführung
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Logstash ist eine Software zur simultanen Verarbeitung von Datenströmen aus unterschiedlichen Quellen.
Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in LogStash ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source LogStash <8.15.3
Open Source / LogStash
|
<8.15.3 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Logstash ist eine Software zur simultanen Verarbeitung von Datenstr\u00f6men aus unterschiedlichen Quellen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in LogStash ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0919 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0919.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0919 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0919"
},
{
"category": "external",
"summary": "Logstash 8.15.3 Security Update vom 2025-05-01",
"url": "https://discuss.elastic.co/t/logstash-8-15-3-security-update-esa-2024-38/377707"
},
{
"category": "external",
"summary": "NIST CVE-2024-47561",
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-47561"
}
],
"source_lang": "en-US",
"title": "LogStash: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2025-05-01T22:00:00.000+00:00",
"generator": {
"date": "2025-05-02T09:09:58.081+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0919",
"initial_release_date": "2025-05-01T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-01T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.15.3",
"product": {
"name": "Open Source LogStash \u003c8.15.3",
"product_id": "T043275"
}
},
{
"category": "product_version",
"name": "8.15.3",
"product": {
"name": "Open Source LogStash 8.15.3",
"product_id": "T043275-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:elasticsearch:logstash:8.15.3"
}
}
}
],
"category": "product_name",
"name": "LogStash"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47561",
"product_status": {
"known_affected": [
"T043275"
]
},
"release_date": "2025-05-01T22:00:00.000+00:00",
"title": "CVE-2024-47561"
}
]
}
WID-SEC-W-2025-1571
Vulnerability from csaf_certbund - Published: 2025-07-15 22:00 - Updated: 2025-07-15 22:00Summary
Oracle Hyperion: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Hyperion bietet Lösungen für Business Intelligence, Planung und Konsolidierung.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Hyperion ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Hyperion 11.2.21.0.000
Oracle / Hyperion
|
cpe:/a:oracle:hyperion:11.2.21.0.000
|
11.2.21.0.000 | |
|
Oracle Hyperion 11.2.20.0.000
Oracle / Hyperion
|
cpe:/a:oracle:hyperion:11.2.20.0.000
|
11.2.20.0.000 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Hyperion 11.2.21.0.000
Oracle / Hyperion
|
cpe:/a:oracle:hyperion:11.2.21.0.000
|
11.2.21.0.000 | |
|
Oracle Hyperion 11.2.20.0.000
Oracle / Hyperion
|
cpe:/a:oracle:hyperion:11.2.20.0.000
|
11.2.20.0.000 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Hyperion 11.2.21.0.000
Oracle / Hyperion
|
cpe:/a:oracle:hyperion:11.2.21.0.000
|
11.2.21.0.000 | |
|
Oracle Hyperion 11.2.20.0.000
Oracle / Hyperion
|
cpe:/a:oracle:hyperion:11.2.20.0.000
|
11.2.20.0.000 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Hyperion 11.2.21.0.000
Oracle / Hyperion
|
cpe:/a:oracle:hyperion:11.2.21.0.000
|
11.2.21.0.000 | |
|
Oracle Hyperion 11.2.20.0.000
Oracle / Hyperion
|
cpe:/a:oracle:hyperion:11.2.20.0.000
|
11.2.20.0.000 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Hyperion bietet L\u00f6sungen f\u00fcr Business Intelligence, Planung und Konsolidierung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Hyperion ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1571 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1571.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1571 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1571"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2025 - Appendix Oracle Hyperion vom 2025-07-15",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixHYP"
}
],
"source_lang": "en-US",
"title": "Oracle Hyperion: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-15T22:00:00.000+00:00",
"generator": {
"date": "2025-07-16T08:31:58.850+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1571",
"initial_release_date": "2025-07-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.2.21.0.000",
"product": {
"name": "Oracle Hyperion 11.2.21.0.000",
"product_id": "T045383",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:hyperion:11.2.21.0.000"
}
}
},
{
"category": "product_version",
"name": "11.2.20.0.000",
"product": {
"name": "Oracle Hyperion 11.2.20.0.000",
"product_id": "T045384",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:hyperion:11.2.20.0.000"
}
}
}
],
"category": "product_name",
"name": "Hyperion"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-49582",
"product_status": {
"known_affected": [
"T045383",
"T045384"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2023-49582"
},
{
"cve": "CVE-2024-28168",
"product_status": {
"known_affected": [
"T045383",
"T045384"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-28168"
},
{
"cve": "CVE-2024-47561",
"product_status": {
"known_affected": [
"T045383",
"T045384"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2025-50108",
"product_status": {
"known_affected": [
"T045383",
"T045384"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50108"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…