Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-57699 (GCVE-0-2024-57699)
Vulnerability from cvelistv5 – Published: 2025-02-05 00:00 – Updated: 2025-02-06 15:15
VLAI
EPSS
Summary
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-674 - Uncontrolled Recursion
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57699",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T15:14:00.482073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T15:15:17.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of \u2019{\u2019, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:38:33.811Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
},
{
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57699",
"datePublished": "2025-02-05T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-02-06T15:15:17.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-57699",
"date": "2026-06-07",
"epss": "0.00058",
"percentile": "0.18459"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-57699\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-02-05T22:15:33.183\",\"lastModified\":\"2025-02-06T16:15:41.170\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of \u2019{\u2019, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un problema de seguridad en Netplex Json-smart 2.5.0 a 2.5.1. Al cargar una entrada JSON manipulado especial, que contiene una gran cantidad de \u2019{\u2019, se puede activar un agotamiento de la pila, lo que podr\u00eda permitir que un atacante provoque una denegaci\u00f3n de servicio (DoS). Este problema existe debido a una correcci\u00f3n incompleta de CVE-2023-1370.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"references\":[{\"url\":\"https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://nvd.nist.gov/vuln/detail/cve-2023-1370\",\"source\":\"cve@mitre.org\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-57699\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-06T15:14:00.482073Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674 Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-06T15:14:58.541Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://nvd.nist.gov/vuln/detail/cve-2023-1370\"}, {\"url\": \"https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of \\u2019{\\u2019, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-02-05T21:38:33.811Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-57699\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-06T15:15:17.536Z\", \"dateReserved\": \"2025-01-09T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-02-05T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
NCSC-2025-0127
Vulnerability from csaf_ncscnl - Published: 2025-04-16 15:00 - Updated: 2025-04-16 15:00Summary
Kwetsbaarheden verholpen in Oracle Financial Services
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in verschillende Financial Services producten
Interpretaties: De kwetsbaarheden stellen niet-geauthenticeerde kwaadwillenden in staat om via HTTP toegang te krijgen tot kritieke gegevens, wat kan leiden tot ongeautoriseerde gegevenstoegang en andere beveiligingsrisico's. Kwaadwillenden kunnen ook gebruik maken van misconfiguraties en kwetsbaarheden in de software om privilege-escalatie, denial-of-service en remote code execution uit te voeren.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-670: Always-Incorrect Control Flow Implementation
CWE-676: Use of Potentially Dangerous Function
CWE-921: Storage of Sensitive Data in a Mechanism without Access Control
CWE-922: Insecure Storage of Sensitive Information
CWE-669: Incorrect Resource Transfer Between Spheres
CWE-178: Improper Handling of Case Sensitivity
CWE-303: Incorrect Implementation of Authentication Algorithm
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-680: Integer Overflow to Buffer Overflow
CWE-639: Authorization Bypass Through User-Controlled Key
CWE-404: Improper Resource Shutdown or Release
CWE-284: Improper Access Control
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-400: Uncontrolled Resource Consumption
CWE-502: Deserialization of Untrusted Data
CWE-674: Uncontrolled Recursion
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611: Improper Restriction of XML External Entity Reference
CWE-121: Stack-based Buffer Overflow
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-20: Improper Input Validation
7.5 (High)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
7.5 (High)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
5.5 (Medium)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
5.3 (Medium)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
7.5 (High)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
7.3 (High)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
5.7 (Medium)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
4.4 (Medium)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
8.1 (High)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
9.8 (Critical)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
4.8 (Medium)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
7.5 (High)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
7.5 (High)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
7.4 (High)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
9.8 (Critical)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
7.5 (High)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
6.0 (Medium)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
7.5 (High)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/8.1.2.7.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.2.7.0 | ||
|
vers:unknown/8.1.3.0
Oracle / Oracle / Financial Services Model Management and Governance
|
vers:unknown/8.1.3.0 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.7.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7.0 | |
|
vers:oracle/8.1.3.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Model Management and Governance
|
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*
|
vers:oracle/8.1.3.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking APIs
|
cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:oracle/21.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/21.1.0.0.0 | |
|
vers:oracle/22.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.1.0.0.0 | |
|
vers:oracle/22.2.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Digital Experience
|
cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/22.2.0.0.0 | |
|
vers:unknown/8.0.7.8
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.7.8 | ||
|
vers:unknown/8.0.8.6
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.0.8.6 | ||
|
vers:unknown/8.1.1.4
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.1.4 | ||
|
vers:oracle/8.0.7.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*
|
vers:oracle/8.0.7.8 | |
|
vers:unknown/8.1.2.5
Oracle / Oracle / Financial Services Analytical Applications Infrastructure
|
vers:unknown/8.1.2.5 | ||
|
vers:oracle/8.0.8.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.6 | |
|
vers:oracle/8.1.1.4
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*
|
vers:oracle/8.1.1.4 | |
|
vers:oracle/8.1.2.5
Oracle / Oracle Financial Services Applications / Oracle Financial Services Analytical Applications Infrastructure
|
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.5 | |
|
vers:oracle/5.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/5.1.0.0.0 | |
|
vers:oracle/6.1.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/6.1.0.0.0 | |
|
vers:oracle/7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/7.0.0.0.0 | |
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Financial Services Revenue Management and Billing
|
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0 | |
|
vers:semver/5.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/5.1.0.0.0 | ||
|
vers:semver/6.1.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/6.1.0.0.0 | ||
|
vers:semver/7.0.0.0.0
Oracle Corporation / Oracle Financial Services Revenue Management and Billing
|
vers:semver/7.0.0.0.0 | ||
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Corporate Lending Process Management
|
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Origination
|
cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*
|
vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0 | |
|
vers:unknown/8.0.8.1
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.0.8.1 | ||
|
vers:unknown/8.1.2.7
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.7 | ||
|
vers:unknown/8.1.2.8
Oracle / Oracle / Financial Services Behavior Detection Platform
|
vers:unknown/8.1.2.8 | ||
|
vers:oracle/8.0.8.1
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*
|
vers:oracle/8.0.8.1 | |
|
vers:oracle/8.1.2.7
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.7 | |
|
vers:oracle/8.1.2.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.8 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Behavior Detection Platform
|
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 | |
|
vers:oracle/8.0.8
Oracle / Oracle Financial Services Applications / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
|
vers:oracle/8.0.8 | |
|
vers:unknown/14.7.0.7.0
Oracle / Oracle / Banking Liquidity Management
|
vers:unknown/14.7.0.7.0 | ||
|
vers:oracle/14.7.0.7.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.0.7.0 | |
|
vers:oracle/14.7.5.0.0
Oracle / Oracle Financial Services Applications / Oracle Banking Liquidity Management
|
cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.7.5.0.0 | |
|
vers:unknown/8.1.2.6
Oracle / Oracle / Financial Services Compliance Studio
|
vers:unknown/8.1.2.6 | ||
|
vers:oracle/8.1.2.6
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.6 | |
|
vers:oracle/8.1.2.9
Oracle / Oracle Financial Services Applications / Oracle Financial Services Compliance Studio
|
cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*
|
vers:oracle/8.1.2.9 |
References
20 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende Financial Services producten",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen niet-geauthenticeerde kwaadwillenden in staat om via HTTP toegang te krijgen tot kritieke gegevens, wat kan leiden tot ongeautoriseerde gegevenstoegang en andere beveiligingsrisico\u0027s. Kwaadwillenden kunnen ook gebruik maken van misconfiguraties en kwetsbaarheden in de software om privilege-escalatie, denial-of-service en remote code execution uit te voeren.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
},
{
"category": "general",
"text": "Use of Potentially Dangerous Function",
"title": "CWE-676"
},
{
"category": "general",
"text": "Storage of Sensitive Data in a Mechanism without Access Control",
"title": "CWE-921"
},
{
"category": "general",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
},
{
"category": "general",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Incorrect Implementation of Authentication Algorithm",
"title": "CWE-303"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Integer Overflow to Buffer Overflow",
"title": "CWE-680"
},
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Financial Services",
"tracking": {
"current_release_date": "2025-04-16T15:00:12.952979Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0127",
"initial_release_date": "2025-04-16T15:00:12.952979Z",
"revision_history": [
{
"date": "2025-04-16T15:00:12.952979Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/8.1.2.7.0",
"product": {
"name": "vers:unknown/8.1.2.7.0",
"product_id": "CSAFPID-2698335"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.1.3.0",
"product": {
"name": "vers:unknown/8.1.3.0",
"product_id": "CSAFPID-1838588"
}
}
],
"category": "product_name",
"name": "Financial Services Model Management and Governance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/8.0.7.8",
"product": {
"name": "vers:unknown/8.0.7.8",
"product_id": "CSAFPID-1838570"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.0.8.6",
"product": {
"name": "vers:unknown/8.0.8.6",
"product_id": "CSAFPID-1838583"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.1.1.4",
"product": {
"name": "vers:unknown/8.1.1.4",
"product_id": "CSAFPID-2698354"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.1.2.5",
"product": {
"name": "vers:unknown/8.1.2.5",
"product_id": "CSAFPID-1838577"
}
}
],
"category": "product_name",
"name": "Financial Services Analytical Applications Infrastructure"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/8.0.8.1",
"product": {
"name": "vers:unknown/8.0.8.1",
"product_id": "CSAFPID-1199519"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.1.2.7",
"product": {
"name": "vers:unknown/8.1.2.7",
"product_id": "CSAFPID-1838573"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.1.2.8",
"product": {
"name": "vers:unknown/8.1.2.8",
"product_id": "CSAFPID-1838574"
}
}
],
"category": "product_name",
"name": "Financial Services Behavior Detection Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/14.7.0.7.0",
"product": {
"name": "vers:unknown/14.7.0.7.0",
"product_id": "CSAFPID-2698380"
}
}
],
"category": "product_name",
"name": "Banking Liquidity Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/8.1.2.6",
"product": {
"name": "vers:unknown/8.1.2.6",
"product_id": "CSAFPID-1838589"
}
}
],
"category": "product_name",
"name": "Financial Services Compliance Studio"
}
],
"category": "product_family",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.6",
"product": {
"name": "vers:oracle/8.1.2.6",
"product_id": "CSAFPID-1839860",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.7",
"product": {
"name": "vers:oracle/8.1.2.7",
"product_id": "CSAFPID-1839857",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.7.0",
"product": {
"name": "vers:oracle/8.1.2.7.0",
"product_id": "CSAFPID-2699019",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.3.0",
"product": {
"name": "vers:oracle/8.1.3.0",
"product_id": "CSAFPID-1839858",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Model Management and Governance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/21.1.0.0.0",
"product": {
"name": "vers:oracle/21.1.0.0.0",
"product_id": "CSAFPID-2698953",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/22.1.0.0.0",
"product": {
"name": "vers:oracle/22.1.0.0.0",
"product_id": "CSAFPID-2698951",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/22.2.0.0.0",
"product": {
"name": "vers:oracle/22.2.0.0.0",
"product_id": "CSAFPID-2698952",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Banking APIs"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/21.1.0.0.0",
"product": {
"name": "vers:oracle/21.1.0.0.0",
"product_id": "CSAFPID-2698992",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/22.1.0.0.0",
"product": {
"name": "vers:oracle/22.1.0.0.0",
"product_id": "CSAFPID-2698990",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/22.2.0.0.0",
"product": {
"name": "vers:oracle/22.2.0.0.0",
"product_id": "CSAFPID-2698994",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Banking Digital Experience"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.0.7.8",
"product": {
"name": "vers:oracle/8.0.7.8",
"product_id": "CSAFPID-1839976",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.0.8.6",
"product": {
"name": "vers:oracle/8.0.8.6",
"product_id": "CSAFPID-1839966",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.1.4",
"product": {
"name": "vers:oracle/8.1.1.4",
"product_id": "CSAFPID-2699017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.5",
"product": {
"name": "vers:oracle/8.1.2.5",
"product_id": "CSAFPID-1839974",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Analytical Applications Infrastructure"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/5.1.0.0.0",
"product": {
"name": "vers:oracle/5.1.0.0.0",
"product_id": "CSAFPID-2699099",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/6.1.0.0.0",
"product": {
"name": "vers:oracle/6.1.0.0.0",
"product_id": "CSAFPID-2699100",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/7.0.0.0.0",
"product": {
"name": "vers:oracle/7.0.0.0.0",
"product_id": "CSAFPID-2699101",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=2.9.0.0.0|\u003c=7.0.0.0.0",
"product": {
"name": "vers:oracle/\u003e=2.9.0.0.0|\u003c=7.0.0.0.0",
"product_id": "CSAFPID-1839884",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Revenue Management and Billing"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=14.4.0.0.0|\u003c=14.7.0.0.0",
"product": {
"name": "vers:oracle/\u003e=14.4.0.0.0|\u003c=14.7.0.0.0",
"product_id": "CSAFPID-1839866",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=14.5.0.0.0|\u003c=14.7.0.0.0",
"product": {
"name": "vers:oracle/\u003e=14.5.0.0.0|\u003c=14.7.0.0.0",
"product_id": "CSAFPID-2698995",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Banking Corporate Lending Process Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=14.5.0.0.0|\u003c=14.7.0.0.0",
"product": {
"name": "vers:oracle/\u003e=14.5.0.0.0|\u003c=14.7.0.0.0",
"product_id": "CSAFPID-1839867",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Banking Origination"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.0.8.1",
"product": {
"name": "vers:oracle/8.0.8.1",
"product_id": "CSAFPID-1839881",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.7",
"product": {
"name": "vers:oracle/8.1.2.7",
"product_id": "CSAFPID-1839880",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.8",
"product": {
"name": "vers:oracle/8.1.2.8",
"product_id": "CSAFPID-1839882",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.9",
"product": {
"name": "vers:oracle/8.1.2.9",
"product_id": "CSAFPID-2698954",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Behavior Detection Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.0.8",
"product": {
"name": "vers:oracle/8.0.8",
"product_id": "CSAFPID-1839878",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/14.7.0.7.0",
"product": {
"name": "vers:oracle/14.7.0.7.0",
"product_id": "CSAFPID-2698938",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.7.5.0.0",
"product": {
"name": "vers:oracle/14.7.5.0.0",
"product_id": "CSAFPID-1839923",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Banking Liquidity Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.6",
"product": {
"name": "vers:oracle/8.1.2.6",
"product_id": "CSAFPID-1839871",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.9",
"product": {
"name": "vers:oracle/8.1.2.9",
"product_id": "CSAFPID-2699005",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Compliance Studio"
}
],
"category": "product_family",
"name": "Oracle Financial Services Applications"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/5.1.0.0.0",
"product": {
"name": "vers:semver/5.1.0.0.0",
"product_id": "CSAFPID-2698450"
}
},
{
"category": "product_version_range",
"name": "vers:semver/6.1.0.0.0",
"product": {
"name": "vers:semver/6.1.0.0.0",
"product_id": "CSAFPID-2698451"
}
},
{
"category": "product_version_range",
"name": "vers:semver/7.0.0.0.0",
"product": {
"name": "vers:semver/7.0.0.0.0",
"product_id": "CSAFPID-2698452"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Revenue Management and Billing"
}
],
"category": "vendor",
"name": "Oracle Corporation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-28170",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-28170",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-28170.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2021-28170"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-39410",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2023-39410"
},
{
"cve": "CVE-2023-49582",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-49582",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49582.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2023-49582"
},
{
"cve": "CVE-2024-5206",
"cwe": {
"id": "CWE-921",
"name": "Storage of Sensitive Data in a Mechanism without Access Control"
},
"notes": [
{
"category": "other",
"text": "Storage of Sensitive Data in a Mechanism without Access Control",
"title": "CWE-921"
},
{
"category": "other",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-5206",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5206.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-5206"
},
{
"cve": "CVE-2024-28168",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28168",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28168.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-28168"
},
{
"cve": "CVE-2024-28219",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "other",
"text": "Use of Potentially Dangerous Function",
"title": "CWE-676"
},
{
"category": "other",
"text": "Integer Overflow to Buffer Overflow",
"title": "CWE-680"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28219",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28219.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-28219"
},
{
"cve": "CVE-2024-35195",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"notes": [
{
"category": "other",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35195",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2024-37891",
"cwe": {
"id": "CWE-669",
"name": "Incorrect Resource Transfer Between Spheres"
},
"notes": [
{
"category": "other",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37891",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38819",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38819",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38820",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-38827",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "other",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38827",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38827.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-38827"
},
{
"cve": "CVE-2024-47072",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47072",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47072.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-47072"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-56128",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"notes": [
{
"category": "other",
"text": "Incorrect Implementation of Authentication Algorithm",
"title": "CWE-303"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56128",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56128.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-56128"
},
{
"cve": "CVE-2024-56337",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-21573",
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21573",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21573.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2025-21573"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23184.json"
}
],
"title": "CVE-2025-23184"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24970",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24970.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2025-24970"
}
]
}
NCSC-2025-0328
Vulnerability from csaf_ncscnl - Published: 2025-10-23 07:19 - Updated: 2025-10-23 07:19Summary
Kwetsbaarheden verholpen in Oracle Database producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Database Server producten
Interpretaties: De kwetsbaarheden in Oracle Database Server stellen ongeauthenticeerde aanvallers in staat om ongeoorloofde toegang te verkrijgen tot kritieke gegevens, wat kan leiden tot schending van de vertrouwelijkheid, integriteit en beschikbaarheid van de data. Specifieke kwetsbaarheden, zoals die in de Portable Clusterware en de Unified Audit componenten, kunnen worden misbruikt door aanvallers met beperkte privileges, wat aanzienlijke risico's met zich meebrengt. De CVSS-scores variëren van 2.7 tot 9.8, afhankelijk van de ernst van de kwetsbaarheid.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-125: Out-of-bounds Read
CWE-190: Integer Overflow or Wraparound
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-284: Improper Access Control
CWE-404: Improper Resource Shutdown or Release
CWE-502: Deserialization of Untrusted Data
CWE-611: Improper Restriction of XML External Entity Reference
CWE-674: Uncontrolled Recursion
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-827: Improper Control of Document Type Definition
CWE-937: CWE-937
CWE-1035: CWE-1035
Recent updates address vulnerabilities in various Oracle applications and Apache HttpComponents, with several rated as high risk, allowing potential remote exploitation affecting data integrity and system security.
5.3 (Medium)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
Critical vulnerabilities in Oracle GoldenGate Stream Analytics and Apache Ignite could allow unauthenticated access and arbitrary code execution, respectively, with severe implications for system integrity and security.
9.8 (Critical)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.
9.4 (Critical)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
Recent vulnerabilities in Oracle Database Server's SQLcl component and Eclipse JGit versions expose critical data to unauthorized access and denial of service through XML parsing flaws and require user interaction for exploitation.
9.8 (Critical)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
Multiple vulnerabilities in the Bouncy Castle Java library and Oracle GoldenGate products allow for excessive resource allocation and denial of service, affecting various versions and potentially leading to significant disruptions.
5.3 (Medium)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
Apache Tomcat versions 11.0.0-M1 to 11.0.8, 10.1.0-M1 to 10.1.42, and 9.0.0.M1 to 9.0.106 are vulnerable to Denial of Service due to an Integer Overflow vulnerability, while Oracle Graph Server versions 24.4.3 and 25.3.0 also exhibit a similar flaw.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
A vulnerability in Oracle Database Server's Portable Clusterware component affects specific versions, allowing unauthenticated network attackers to access certain data, with a CVSS score of 5.8 indicating confidentiality impacts.
5.8 (Medium)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
A vulnerability in Oracle Database Server's RDBMS Functional Index component (versions 23.4-23.9) allows high-privileged SYSDBA attackers to potentially gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 2.7.
CWE-125 - Out-of-bounds ReadAffected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.
5.8 (Medium)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
A vulnerability in Oracle Database Server's Unified Audit component (versions 23.4-23.9) allows high-privileged DBA attackers to compromise audit integrity, with a CVSS 3.1 Base Score of 2.7.
CWE-284 - Improper Access ControlAffected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
A vulnerability in Oracle Essbase version 21.7.3.0.0 allows low-privileged attackers with HTTP access to compromise the system, posing significant risks to data integrity and confidentiality with a CVSS score of 8.1.
8.1 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
A vulnerability in the Java VM component of Oracle Database Server allows unauthenticated network attackers to compromise the Java VM, potentially leading to unauthorized data manipulation, with a CVSS 3.1 Base Score of 5.9.
5.9 (Medium)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Clusterware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate for Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Big Data
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Veridata
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / REST Data Services
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* |
References
16 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Database Server producten",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle Database Server stellen ongeauthenticeerde aanvallers in staat om ongeoorloofde toegang te verkrijgen tot kritieke gegevens, wat kan leiden tot schending van de vertrouwelijkheid, integriteit en beschikbaarheid van de data. Specifieke kwetsbaarheden, zoals die in de Portable Clusterware en de Unified Audit componenten, kunnen worden misbruikt door aanvallers met beperkte privileges, wat aanzienlijke risico\u0027s met zich meebrengt. De CVSS-scores vari\u00ebren van 2.7 tot 9.8, afhankelijk van de ernst van de kwetsbaarheid.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpuoct2025csaf.json"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database producten",
"tracking": {
"current_release_date": "2025-10-23T07:19:57.652532Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0328",
"initial_release_date": "2025-10-23T07:19:57.652532Z",
"revision_history": [
{
"date": "2025-10-23T07:19:57.652532Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Clusterware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Essbase"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Essbase Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "GoldenGate Big Data and Application Adapters"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "GoldenGate Stream Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "GoldenGate for Big Data"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Goldengate Application Adapters"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Goldengate Big Data"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Goldengate Veridata"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Graph Server And Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Java Virtual Machine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "REST Data Services"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "SQLcl"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent updates address vulnerabilities in various Oracle applications and Apache HttpComponents, with several rated as high risk, allowing potential remote exploitation affecting data integrity and system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13956 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-13956.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2024-52577",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle GoldenGate Stream Analytics and Apache Ignite could allow unauthenticated access and arbitrary code execution, respectively, with severe implications for system integrity and security.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52577 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-52577.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2024-52577"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Database Server\u0027s SQLcl component and Eclipse JGit versions expose critical data to unauthorized access and denial of service through XML parsing flaws and require user interaction for exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4949 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4949.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-4949"
},
{
"cve": "CVE-2025-8885",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities in the Bouncy Castle Java library and Oracle GoldenGate products allow for excessive resource allocation and denial of service, affecting various versions and potentially leading to significant disruptions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8885 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8885.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-8885"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-52520",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "Apache Tomcat versions 11.0.0-M1 to 11.0.8, 10.1.0-M1 to 10.1.42, and 9.0.0.M1 to 9.0.106 are vulnerable to Denial of Service due to an Integer Overflow vulnerability, while Oracle Graph Server versions 24.4.3 and 25.3.0 also exhibit a similar flaw.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52520 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52520.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-52520"
},
{
"cve": "CVE-2025-53047",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Oracle Database Server\u0027s Portable Clusterware component affects specific versions, allowing unauthenticated network attackers to access certain data, with a CVSS score of 5.8 indicating confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53047 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53047.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-53047"
},
{
"cve": "CVE-2025-53051",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle Database Server\u0027s RDBMS Functional Index component (versions 23.4-23.9) allows high-privileged SYSDBA attackers to potentially gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 2.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53051 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53051.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-53051"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-61749",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle Database Server\u0027s Unified Audit component (versions 23.4-23.9) allows high-privileged DBA attackers to compromise audit integrity, with a CVSS 3.1 Base Score of 2.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61749 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61749.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-61749"
},
{
"cve": "CVE-2025-61763",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle Essbase version 21.7.3.0.0 allows low-privileged attackers with HTTP access to compromise the system, posing significant risks to data integrity and confidentiality with a CVSS score of 8.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61763 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61763.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-61763"
},
{
"cve": "CVE-2025-61881",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in the Java VM component of Oracle Database Server allows unauthenticated network attackers to compromise the Java VM, potentially leading to unauthorized data manipulation, with a CVSS 3.1 Base Score of 5.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61881 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61881.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-61881"
}
]
}
NCSC-2025-0329
Vulnerability from csaf_ncscnl - Published: 2025-10-23 07:20 - Updated: 2025-10-23 07:20Summary
Kwetsbaarheden verholpen in Oracle Commerce
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in verschillende subcomponenten van Oracle Commerce producten, waaronder Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, en Oracle Application Testing Suite.
Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om gedeeltelijke of volledige Denial of Service (DoS) te veroorzaken, met CVSS-scores variërend van 2.7 tot 7.5. Dit kan leiden tot systeemuitval en ongeoorloofde toegang tot gegevens. Aanvallers kunnen deze kwetsbaarheden misbruiken door specifieke verzoeken te sturen die de systemen overbelasten of door gebruik te maken van onbetrouwbare invoer. De kwetsbaarheden zijn aangetroffen in verschillende versies van de betrokken producten, wat de impact vergroot.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-674: Uncontrolled Recursion
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-937: CWE-937
CWE-1035: CWE-1035
Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
CVE-2024-38820 identifies a vulnerability in the Spring Framework affecting multiple versions, while a separate issue in the Oracle Commerce Platform's Dynamo Application Framework allows low-privileged attackers to manipulate data.
CWE-20 - Improper Input ValidationAffected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebCenter Forms Recognition and Apache CXF expose systems to data compromise and denial of service risks, with CVSS scores indicating significant impacts on confidentiality, integrity, and availability.
5.6 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.
6.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Recent updates for Apache Tomcat versions 9, 10, and 11 address the 'MadeYouReset' DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Recent updates to Netty address critical vulnerabilities, including the 'MadeYouReset' DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
References
9 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende subcomponenten van Oracle Commerce producten, waaronder Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, en Oracle Application Testing Suite.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om gedeeltelijke of volledige Denial of Service (DoS) te veroorzaken, met CVSS-scores vari\u00ebrend van 2.7 tot 7.5. Dit kan leiden tot systeemuitval en ongeoorloofde toegang tot gegevens. Aanvallers kunnen deze kwetsbaarheden misbruiken door specifieke verzoeken te sturen die de systemen overbelasten of door gebruik te maken van onbetrouwbare invoer. De kwetsbaarheden zijn aangetroffen in verschillende versies van de betrokken producten, wat de impact vergroot.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpuoct2025csaf.json"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Commerce",
"tracking": {
"current_release_date": "2025-10-23T07:20:51.213314Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0329",
"initial_release_date": "2025-10-23T07:20:51.213314Z",
"revision_history": [
{
"date": "2025-10-23T07:20:51.213314Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Commerce"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Guided Search"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Platform"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-22233",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "CVE-2024-38820 identifies a vulnerability in the Spring Framework affecting multiple versions, while a separate issue in the Oracle Commerce Platform\u0027s Dynamo Application Framework allows low-privileged attackers to manipulate data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22233 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-22233.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-22233"
},
{
"cve": "CVE-2025-48795",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebCenter Forms Recognition and Apache CXF expose systems to data compromise and denial of service risks, with CVSS scores indicating significant impacts on confidentiality, integrity, and availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48795"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-55163"
}
]
}
NCSC-2025-0330
Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:20 - Updated: 2025-10-23 13:20Summary
Kwetsbaarheden verholpen in Oracle Communications producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.
Interpretaties: De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden variëren van 3.1 tot 9.8, wat wijst op een breed scala aan risico's, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23: Relative Path Traversal
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121: Stack-based Buffer Overflow
CWE-122: Heap-based Buffer Overflow
CWE-124: Buffer Underwrite ('Buffer Underflow')
CWE-125: Out-of-bounds Read
CWE-129: Improper Validation of Array Index
CWE-130: Improper Handling of Length Parameter Inconsistency
CWE-147: Improper Neutralization of Input Terminators
CWE-190: Integer Overflow or Wraparound
CWE-197: Numeric Truncation Error
CWE-241: Improper Handling of Unexpected Data Type
CWE-252: Unchecked Return Value
CWE-253: Incorrect Check of Function Return Value
CWE-284: Improper Access Control
CWE-287: Improper Authentication
CWE-290: Authentication Bypass by Spoofing
CWE-328: Use of Weak Hash
CWE-385: Covert Timing Channel
CWE-390: Detection of Error Condition Without Action
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-407: Inefficient Algorithmic Complexity
CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)
CWE-415: Double Free
CWE-416: Use After Free
CWE-426: Untrusted Search Path
CWE-440: Expected Behavior Violation
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-476: NULL Pointer Dereference
CWE-674: Uncontrolled Recursion
CWE-697: Incorrect Comparison
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-789: Memory Allocation with Excessive Size Value
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CWE-918: Server-Side Request Forgery (SSRF)
CWE-937: CWE-937
CWE-1035: CWE-1035
CWE-1284: Improper Validation of Specified Quantity in Input
CWE-1333: Inefficient Regular Expression Complexity
Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.
6.4 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.
8.2 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.
4.4 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.
5.3 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.
9.1 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.
9.1 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.
5.9 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.
6.5 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.
9.4 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.
8.4 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The 'MadeYouReset' vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.
5.4 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl's WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.
CWE-1333 - Inefficient Regular Expression ComplexityAffected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.
9.8 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.
CWE-241 - Improper Handling of Unexpected Data TypeAffected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.
7.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.
7.0 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.
7.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications' Cloud Native Environment has a non-exploitable Security-in-Depth issue.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.
5.3 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.
8.1 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.
7.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.
4.3 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS's certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle's flaw.
8.2 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.
8.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.
6.5 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates for Apache Tomcat versions 9, 10, and 11 address the 'MadeYouReset' DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.
9.1 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.
8.6 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.
5.8 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.
6.5 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Netty address critical vulnerabilities, including the 'MadeYouReset' DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.
8.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server's Perl component but is not exploitable.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
References
51 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden vari\u00ebren van 3.1 tot 9.8, wat wijst op een breed scala aan risico\u0027s, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2025-10-23T13:20:15.363063Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0330",
"initial_release_date": "2025-10-23T13:20:15.363063Z",
"revision_history": [
{
"date": "2025-10-23T13:20:15.363063Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications Cloud Native Core Console"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Management Cloud Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications Calendar Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Automated Test Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Binding Support Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Certificate Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core DBTier"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Repository Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Slice Selection Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Policy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Service Communication Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Unified Data Repository"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Converged Charging System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergent Charging Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Oracle Communications Diameter Signaling Router"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE Element Management System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE LNP Application Processor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "Oracle Communications LSMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "Oracle Communications Messaging Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Charging and Control"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "Oracle Communications Offline Mediation Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "Oracle Communications Service Catalog and Design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Operations Monitor"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26555",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26555 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-26555.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2023-26555"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-8006",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8006 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-8006"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-35164",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35164 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-35164.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-35164"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37371 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-37371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-50609",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50609.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-50609"
},
{
"cve": "CVE-2024-51504",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "description",
"text": "Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-51504 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-51504"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-1948"
},
{
"cve": "CVE-2025-3576",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "description",
"text": "Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-3576 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3576.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-3576"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4373 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4373.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4802",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "description",
"text": "Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4802 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4802.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4802"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5399",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl\u0027s WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5399 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5399.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5399"
},
{
"cve": "CVE-2025-5889",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5889 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5889.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-7339",
"cwe": {
"id": "CWE-241",
"name": "Improper Handling of Unexpected Data Type"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7339 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7339.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7339"
},
{
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7425 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7425"
},
{
"cve": "CVE-2025-7962",
"cwe": {
"id": "CWE-147",
"name": "Improper Neutralization of Input Terminators"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7962"
},
{
"cve": "CVE-2025-8058",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8058 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8058.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8058"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25724 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25724.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-25724"
},
{
"cve": "CVE-2025-27210",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications\u0027 Cloud Native Environment has a non-exploitable Security-in-Depth issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27210 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27210"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-27553",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27553 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27553"
},
{
"cve": "CVE-2025-27587",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "description",
"text": "OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27587 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27587.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27587"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32415 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-32728",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32728 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32728.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32728"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS\u0027s certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle\u0027s flaw.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2025-53547",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53547 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53547.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-53643",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53643 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53643.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53643"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54090",
"cwe": {
"id": "CWE-253",
"name": "Incorrect Check of Function Return Value"
},
"notes": [
{
"category": "other",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54090 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54090.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-54090"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-57803",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-57803 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57803.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-57803"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-59375"
}
]
}
NCSC-2026-0028
Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:10 - Updated: 2026-01-21 10:10Summary
Kwetsbaarheden verholpen in Oracle Analytics
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Business Intelligence Enterprise Edition.
Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een Denial-of-Service te veroorzaken, of kunnen leiden tot ongeautoriseerde toegang en wijziging van kritieke gegevens.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-121: Stack-based Buffer Overflow
CWE-125: Out-of-bounds Read
CWE-285: Improper Authorization
CWE-404: Improper Resource Shutdown or Release
CWE-502: Deserialization of Untrusted Data
CWE-611: Improper Restriction of XML External Entity Reference
CWE-674: Uncontrolled Recursion
CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-787: Out-of-bounds Write
Multiple vulnerabilities across Oracle products, including Middleware, Business Intelligence, and SOA Suite, as well as XMLBeans, expose systems to unauthorized access and denial of service, with CVSS scores ranging from 7.3 to 9.1.
9.1 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Business Intelligence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Business Intelligence Enterprise Edition
|
vers:unknown/* |
Recent updates and vulnerabilities in Apache MINA SSHD, Oracle products, and Red Hat JBoss Data Grid highlight significant security risks, including unsafe Java deserialization and unauthenticated access leading to potential system compromises.
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Business Intelligence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Business Intelligence Enterprise Edition
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Business Intelligence, Primavera Gateway, Oracle GoldenGate, and HPE Telco Service Orchestrator allow for denial of service, with CVSS scores ranging from 2.7 to 7.5.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Business Intelligence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Business Intelligence Enterprise Edition
|
vers:unknown/* |
Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Business Intelligence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Business Intelligence Enterprise Edition
|
vers:unknown/* |
Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.
6.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Business Intelligence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Business Intelligence Enterprise Edition
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Business Intelligence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Business Intelligence Enterprise Edition
|
vers:unknown/* |
Multiple vulnerabilities affect Oracle Communications Unified Assurance and Oracle Business Intelligence Enterprise Edition, allowing denial of service attacks, while older jackson-core versions are prone to StackoverflowErrors when parsing nested data.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Business Intelligence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Business Intelligence Enterprise Edition
|
vers:unknown/* |
A vulnerability in Oracle Business Intelligence Enterprise Edition (versions 7.6.0.0.0 and 8.2.0.0.0) allows low-privileged attackers to compromise the system, with a CVSS score of 7.1 indicating significant impacts on confidentiality and integrity.
7.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Business Intelligence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Business Intelligence Enterprise Edition
|
vers:unknown/* |
References
9 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Business Intelligence Enterprise Edition.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een Denial-of-Service te veroorzaken, of kunnen leiden tot ongeautoriseerde toegang en wijziging van kritieke gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Analytics",
"tracking": {
"current_release_date": "2026-01-21T10:10:15.985753Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0028",
"initial_release_date": "2026-01-21T10:10:15.985753Z",
"revision_history": [
{
"date": "2026-01-21T10:10:15.985753Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Business Intelligence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Business Intelligence Enterprise Edition"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23926",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle products, including Middleware, Business Intelligence, and SOA Suite, as well as XMLBeans, expose systems to unauthorized access and denial of service, with CVSS scores ranging from 7.3 to 9.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-23926 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-23926.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2021-23926"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "Recent updates and vulnerabilities in Apache MINA SSHD, Oracle products, and Red Hat JBoss Data Grid highlight significant security risks, including unsafe Java deserialization and unauthenticated access leading to potential system compromises.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-45047 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-45047.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2022-45047"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Business Intelligence, Primavera Gateway, Oracle GoldenGate, and HPE Telco Service Orchestrator allow for denial of service, with CVSS scores ranging from 2.7 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9230 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "Multiple vulnerabilities affect Oracle Communications Unified Assurance and Oracle Business Intelligence Enterprise Edition, allowing denial of service attacks, while older jackson-core versions are prone to StackoverflowErrors when parsing nested data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2026-21976",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Business Intelligence Enterprise Edition (versions 7.6.0.0.0 and 8.2.0.0.0) allows low-privileged attackers to compromise the system, with a CVSS score of 7.1 indicating significant impacts on confidentiality and integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-21976"
}
]
}
RHSA-2025:10092
Vulnerability from csaf_redhat - Published: 2025-07-01 13:48 - Updated: 2026-06-05 19:44Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.18 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for Openshift Jenkins is now available for Red Hat Product OCP
Tools 4.18. Red Hat Product Security has rated this update as having a
security impact of important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for
CVE-2023-1370) (CVE-2024-57699)
* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not
enforce maximum password length (CVE-2025-22228)
* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)
* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)
* jenkins-2-plugins: jackson-core Potential StackoverflowError
(CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat Product OCP \nTools 4.18. Red Hat Product Security has rated this update as having a \nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE \nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for\nCVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not\nenforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError\n(CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10092",
"url": "https://access.redhat.com/errata/RHSA-2025:10092"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10092.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.18 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:30+00:00",
"generator": {
"date": "2026-06-05T19:44:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10092",
"initial_release_date": "2025-07-01T13:48:03+00:00",
"revision_history": [
{
"date": "2025-07-01T13:48:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T13:48:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.18",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750846524-3.el9.src",
"product": {
"name": "jenkins-0:2.504.2.1750846524-3.el9.src",
"product_id": "jenkins-0:2.504.2.1750846524-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750846524-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.18.1750846854-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.18.1750846854-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.18.1750846854-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.18.1750846854-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750846524-3.el9.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750846524-3.el9.noarch",
"product_id": "jenkins-0:2.504.2.1750846524-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750846524-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.18.1750846854-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750846524-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750846524-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750846524-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src"
},
"product_reference": "jenkins-0:2.504.2.1750846524-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.18.1750846854-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.18.1750846854-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T13:48:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10092"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T13:48:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10092"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T13:48:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10092"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T13:48:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10092"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.504.2.1750846524-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1750846854-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:10097
Vulnerability from csaf_redhat - Published: 2025-07-01 14:30 - Updated: 2026-06-05 19:44Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.17 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP
Tools 4.17. Red Hat Product Security has rated this update as having a
security impact of important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for
CVE-2023-1370) (CVE-2024-57699)
* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not
enforce maximum password length (CVE-2025-22228)
* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)
* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)
* jenkins-2-plugins: jackson-core Potential StackoverflowError
(CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP \nTools 4.17. Red Hat Product Security has rated this update as having a \nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE \nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for\nCVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not\nenforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError\n(CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10097",
"url": "https://access.redhat.com/errata/RHSA-2025:10097"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10097.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.17 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:31+00:00",
"generator": {
"date": "2026-06-05T19:44:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10097",
"initial_release_date": "2025-07-01T14:30:33+00:00",
"revision_history": [
{
"date": "2025-07-01T14:30:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T14:30:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.17",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750851690-3.el9.src",
"product": {
"name": "jenkins-0:2.504.2.1750851690-3.el9.src",
"product_id": "jenkins-0:2.504.2.1750851690-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750851690-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.17.1750851950-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.17.1750851950-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.17.1750851950-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.17.1750851950-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750851690-3.el9.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750851690-3.el9.noarch",
"product_id": "jenkins-0:2.504.2.1750851690-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750851690-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.17.1750851950-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750851690-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750851690-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750851690-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src"
},
"product_reference": "jenkins-0:2.504.2.1750851690-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.17.1750851950-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.17.1750851950-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:30:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10097"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:30:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10097"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:30:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10097"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:30:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10097"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.504.2.1750851690-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1750851950-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:10098
Vulnerability from csaf_redhat - Published: 2025-07-01 14:34 - Updated: 2026-06-05 19:44Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.16 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP
Tools 4.16. Red Hat Product Security has rated this update as having a
security impact of important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) (CVE-2024-57699)
* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length (CVE-2025-22228)
* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)
* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)
* jenkins-2-plugins: jackson-core Potential StackoverflowError (CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP \nTools 4.16. Red Hat Product Security has rated this update as having a \nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE \nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10098",
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10098.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.16 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:32+00:00",
"generator": {
"date": "2026-06-05T19:44:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10098",
"initial_release_date": "2025-07-01T14:34:48+00:00",
"revision_history": [
{
"date": "2025-07-01T14:34:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T14:34:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.16",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750857144-3.el9.src",
"product": {
"name": "jenkins-0:2.504.2.1750857144-3.el9.src",
"product_id": "jenkins-0:2.504.2.1750857144-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750857144-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.16.1750857315-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.16.1750857315-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750857144-3.el9.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750857144-3.el9.noarch",
"product_id": "jenkins-0:2.504.2.1750857144-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750857144-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.16.1750857315-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750857144-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750857144-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750857144-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src"
},
"product_reference": "jenkins-0:2.504.2.1750857144-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.16.1750857315-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:34:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:34:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:34:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:34:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:10104
Vulnerability from csaf_redhat - Published: 2025-07-01 14:56 - Updated: 2026-06-05 19:44Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP
Tools 4.15. Red Hat Product Security has rated this update as having a
security impact of important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for
CVE-2023-1370) (CVE-2024-57699)
* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not
enforce maximum password length (CVE-2025-22228)
* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)
* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)
* jenkins-2-plugins: jackson-core Potential StackoverflowError
(CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP \nTools 4.15. Red Hat Product Security has rated this update as having a \nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE \nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for\nCVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not\nenforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError\n(CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10104",
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10104.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:33+00:00",
"generator": {
"date": "2026-06-05T19:44:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10104",
"initial_release_date": "2025-07-01T14:56:03+00:00",
"revision_history": [
{
"date": "2025-07-01T14:56:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T14:56:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.15::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750856366-3.el8.src",
"product": {
"name": "jenkins-0:2.504.2.1750856366-3.el8.src",
"product_id": "jenkins-0:2.504.2.1750856366-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750856366-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.15.1750856638-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1750856638-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750856366-3.el8.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750856366-3.el8.noarch",
"product_id": "jenkins-0:2.504.2.1750856366-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750856366-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1750856638-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750856366-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750856366-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750856366-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src"
},
"product_reference": "jenkins-0:2.504.2.1750856366-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.15.1750856638-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:56:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:56:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:56:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:56:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:10118
Vulnerability from csaf_redhat - Published: 2025-07-01 16:36 - Updated: 2026-06-05 19:44Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP
Tools 4.12. Red Hat Product Security has rated this update as having a
security impact of important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for
CVE-2023-1370) (CVE-2024-57699)
* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not
enforce maximum password length (CVE-2025-22228)
* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)
* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)
* jenkins-2-plugins: jackson-core Potential StackoverflowError
(CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP\nTools 4.12. Red Hat Product Security has rated this update as having a\nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for\nCVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not\nenforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError\n(CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10118",
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10118.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:35+00:00",
"generator": {
"date": "2026-06-05T19:44:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10118",
"initial_release_date": "2025-07-01T16:36:58+00:00",
"revision_history": [
{
"date": "2025-07-01T16:36:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T16:36:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750932984-3.el8.src",
"product": {
"name": "jenkins-0:2.504.2.1750932984-3.el8.src",
"product_id": "jenkins-0:2.504.2.1750932984-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750932984-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.12.1750933270-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1750933270-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750932984-3.el8.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750932984-3.el8.noarch",
"product_id": "jenkins-0:2.504.2.1750932984-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750932984-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1750933270-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750932984-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750932984-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750932984-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src"
},
"product_reference": "jenkins-0:2.504.2.1750932984-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.12.1750933270-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:36:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:36:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:36:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:36:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…