CVE-2024-57699 (GCVE-0-2024-57699)
Vulnerability from cvelistv5 – Published: 2025-02-05 00:00 – Updated: 2025-02-06 15:15
- n/a
- CWE-674 - Uncontrolled Recursion
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57699",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T15:14:00.482073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T15:15:17.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of \u2019{\u2019, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:38:33.811Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
},
{
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57699",
"datePublished": "2025-02-05T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-02-06T15:15:17.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-57699",
"date": "2026-06-05",
"epss": "0.00058",
"percentile": "0.18495"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-57699\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-02-05T22:15:33.183\",\"lastModified\":\"2025-02-06T16:15:41.170\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of \u2019{\u2019, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un problema de seguridad en Netplex Json-smart 2.5.0 a 2.5.1. Al cargar una entrada JSON manipulado especial, que contiene una gran cantidad de \u2019{\u2019, se puede activar un agotamiento de la pila, lo que podr\u00eda permitir que un atacante provoque una denegaci\u00f3n de servicio (DoS). Este problema existe debido a una correcci\u00f3n incompleta de CVE-2023-1370.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"references\":[{\"url\":\"https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://nvd.nist.gov/vuln/detail/cve-2023-1370\",\"source\":\"cve@mitre.org\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-57699\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-06T15:14:00.482073Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674 Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-06T15:14:58.541Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://nvd.nist.gov/vuln/detail/cve-2023-1370\"}, {\"url\": \"https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of \\u2019{\\u2019, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). 
This issue exists because of an incomplete fix for CVE-2023-1370.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-02-05T21:38:33.811Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-57699\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-06T15:15:17.536Z\", \"dateReserved\": \"2025-01-09T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-02-05T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:10119
Vulnerability from csaf_redhat - Published: 2025-07-01 16:31 - Updated: 2026-06-05 19:44

A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src | — |
Vendor Fix
fix
Workaround
|
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat Product OCP \nTools 4.13. Red Hat Product Security has rated this update as having a \nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE \nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for\nCVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not\nenforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError\n(CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10119",
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10119.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:35+00:00",
"generator": {
"date": "2026-06-05T19:44:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10119",
"initial_release_date": "2025-07-01T16:31:24+00:00",
"revision_history": [
{
"date": "2025-07-01T16:31:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T16:31:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.13::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750916374-3.el8.src",
"product": {
"name": "jenkins-0:2.504.2.1750916374-3.el8.src",
"product_id": "jenkins-0:2.504.2.1750916374-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750916374-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.13.1750916671-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1750916671-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750916374-3.el8.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750916374-3.el8.noarch",
"product_id": "jenkins-0:2.504.2.1750916374-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750916374-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1750916671-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750916374-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750916374-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750916374-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src"
},
"product_reference": "jenkins-0:2.504.2.1750916374-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.13.1750916671-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:31:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:31:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:31:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:31:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:10120
Vulnerability from csaf_redhat - Published: 2025-07-01 16:53 - Updated: 2026-06-05 19:44
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src | — |
Vendor Fix
fix
Workaround
|
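A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackOverflowError can occur. The record below scores this as availability-only (CVSS:3.1 C:N/I:N/A:H), i.e. a denial-of-service condition, and lists avoiding untrusted input nested deeper than 1000 levels as the workaround.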
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP \nTools 4.14. Red Hat Product Security has rated this update as having a \nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE \nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for\nCVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not\nenforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError\n(CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10120",
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10120.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:36+00:00",
"generator": {
"date": "2026-06-05T19:44:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10120",
"initial_release_date": "2025-07-01T16:53:09+00:00",
"revision_history": [
{
"date": "2025-07-01T16:53:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T16:53:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.14::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750903189-3.el8.src",
"product": {
"name": "jenkins-0:2.504.2.1750903189-3.el8.src",
"product_id": "jenkins-0:2.504.2.1750903189-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750903189-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.14.1750903529-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1750903529-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750903189-3.el8.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750903189-3.el8.noarch",
"product_id": "jenkins-0:2.504.2.1750903189-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750903189-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1750903529-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750903189-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750903189-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750903189-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src"
},
"product_reference": "jenkins-0:2.504.2.1750903189-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.14.1750903529-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:53:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:53:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:53:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:53:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:3541
Vulnerability from csaf_redhat - Published: 2025-04-02 16:48 - Updated: 2026-06-05 19:44
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Build of Apache Camel 4.8 for Quarkus 3.15<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:camel_quarkus:3.15 | — | Vendor Fix<br>fix<br>Workaround |
A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Build of Apache Camel 4.8 for Quarkus 3.15<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:camel_quarkus:3.15 | — | Vendor Fix<br>fix<br>Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 update is now available (RHBQ 3.15.4.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\nRed Hat Product Security has rated this update as having a security impact of Important.",
"title": "Topic"
},
{
"category": "general",
"text": "An update for Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 update is now available (RHBQ 3.15.4.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n* quarkus-camel-bom: Potential DoS via stack exhaustion (CVE-2024-57699)\n* com.redhat.quarkus.platform/quarkus-cxf-bom: SmallRye Fault Tolerance (CVE-2025-2240)\n* com.redhat.quarkus.platform/quarkus-camel-bom: SmallRye Fault Tolerance (CVE-2025-2240)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3541",
"url": "https://access.redhat.com/errata/RHSA-2025:3541"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-57699",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-2240",
"url": "https://access.redhat.com/security/cve/CVE-2025-2240"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2351452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351452"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3541.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 update is now available (RHBQ 3.15.4.GA)",
"tracking": {
"current_release_date": "2026-06-05T19:44:36+00:00",
"generator": {
"date": "2026-06-05T19:44:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:3541",
"initial_release_date": "2025-04-02T16:48:42+00:00",
"revision_history": [
{
"date": "2025-04-02T16:48:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-02T16:48:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Build of Apache Camel 4.8 for Quarkus 3.15",
"product": {
"name": "Red Hat Build of Apache Camel 4.8 for Quarkus 3.15",
"product_id": "Red Hat Build of Apache Camel 4.8 for Quarkus 3.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:camel_quarkus:3.15"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of Apache Camel 4.8 for Quarkus 3.15"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-02T16:48:42+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Build of Apache Camel 4.8 for Quarkus 3.15"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3541"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"Red Hat Build of Apache Camel 4.8 for Quarkus 3.15"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Build of Apache Camel 4.8 for Quarkus 3.15"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-2240",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2025-03-12T02:23:44.660000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351452"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "smallrye-fault-tolerance: SmallRye Fault Tolerance",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows a remote attacker to cause an out-of-memory issue when calling the metrics URI, resulting in a denial of service. As this flaw can be triggered via the network, it has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of Apache Camel 4.8 for Quarkus 3.15"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2240"
},
{
"category": "external",
"summary": "RHBZ#2351452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351452"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2240"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gfh6-3pqw-x2j4",
"url": "https://github.com/advisories/GHSA-gfh6-3pqw-x2j4"
}
],
"release_date": "2025-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-02T16:48:42+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Build of Apache Camel 4.8 for Quarkus 3.15"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3541"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Build of Apache Camel 4.8 for Quarkus 3.15"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Build of Apache Camel 4.8 for Quarkus 3.15"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "smallrye-fault-tolerance: SmallRye Fault Tolerance"
}
]
}
RHSA-2025:3543
Vulnerability from csaf_redhat - Published: 2025-04-02 20:19 - Updated: 2026-06-05 19:44
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat build of Apache Camel 4.8.5 for Spring Boot<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:apache_camel_spring_boot:4.8.5 | — | Vendor Fix<br>fix<br>Workaround |
A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat build of Apache Camel 4.8.5 for Spring Boot<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:apache_camel_spring_boot:4.8.5 | — | Vendor Fix<br>fix<br>Workaround |
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat build of Apache Camel 4.8.5 for Spring Boot<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:apache_camel_spring_boot:4.8.5 | — | Vendor Fix<br>fix<br>Workaround |
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat build of Apache Camel 4.8.5 for Spring Boot<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:apache_camel_spring_boot:4.8.5 | — | Vendor Fix<br>fix<br>Workaround |
A vulnerability was found in Apache Camel. This flaw allows an attacker to bypass filtering via a specially crafted request containing a certain combination of upper and lower case characters due to an issue in the default header filtering mechanism, which blocks headers starting with "Camel" or "camel".
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat build of Apache Camel 4.8.5 for Spring Boot<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:apache_camel_spring_boot:4.8.5 | — | Vendor Fix<br>fix<br>Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.8.5 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.8.5 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) (CVE-2024-57699)\n\n* io.smallrye/smallrye-fault-tolerance-core: SmallRye Fault Tolerance (CVE-2025-2240)\n\n* spring-security-core: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length (CVE-2025-22228)\n\n* io.netty/netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine (CVE-2025-24970)\n\n* org.apache.camel/camel-http: bypass of header filters via specially crafted response (CVE-2025-27636)\n\n* org.apache.camel/camel-http-base: bypass of header filters via specially crafted response (CVE-2025-27636)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3543",
"url": "https://access.redhat.com/errata/RHSA-2025:3543"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "2350682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350682"
},
{
"category": "external",
"summary": "2351452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351452"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3543.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8.5 for Spring Boot security update.",
"tracking": {
"current_release_date": "2026-06-05T19:44:36+00:00",
"generator": {
"date": "2026-06-05T19:44:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:3543",
"initial_release_date": "2025-04-02T20:19:22+00:00",
"revision_history": [
{
"date": "2025-04-02T20:19:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-02T20:19:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.8.5 for Spring Boot",
"product": {
"name": "Red Hat build of Apache Camel 4.8.5 for Spring Boot",
"product_id": "Red Hat build of Apache Camel 4.8.5 for Spring Boot",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.8.5"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-02T20:19:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3543"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-2240",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2025-03-12T02:23:44.660000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351452"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "smallrye-fault-tolerance: SmallRye Fault Tolerance",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows a remote attacker to cause an out-of-memory issue when calling the metrics URI, resulting in a denial of service. As this flaw can be triggered via the network, it has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2240"
},
{
"category": "external",
"summary": "RHBZ#2351452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351452"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2240"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gfh6-3pqw-x2j4",
"url": "https://github.com/advisories/GHSA-gfh6-3pqw-x2j4"
}
],
"release_date": "2025-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-02T20:19:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3543"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "smallrye-fault-tolerance: SmallRye Fault Tolerance"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-02T20:19:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3543"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-02-10T23:00:52.785132+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Netty\u0027s SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24970"
},
{
"category": "external",
"summary": "RHBZ#2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
}
],
"release_date": "2025-02-10T21:57:28.730000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-02T20:19:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3543"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
},
{
"cve": "CVE-2025-27636",
"cwe": {
"id": "CWE-644",
"name": "Improper Neutralization of HTTP Headers for Scripting Syntax"
},
"discovery_date": "2025-03-07T18:53:28.136000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2350682"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Camel. This flaw allows an attacker to bypass filtering via a specially crafted request containing a certain combination of upper and lower case characters due to an issue in the default header filtering mechanism, which blocks headers starting with \"Camel\" or \"camel.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "camel-http: org.apache.camel: bypass of header filters via specially crafted response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as having Moderate impact because it can only be triggered under certain configurations and does not enable complete takeover of the system. To be vulnerable, a system using the Apache Camel framework must be using the camel-bean component as a producer, with the exchange coming from an HTTP-based consumer such as the HTTP component or platform-http. If exploitation occurs, an attacker could call other methods on that bean already in the classpath, but not methods of other arbitrary Java beans, System.getenv, or parts of the JDK itself.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27636"
},
{
"category": "external",
"summary": "RHBZ#2350682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27636"
},
{
"category": "external",
"summary": "https://github.com/apache/camel/commit/781491b446921341f87a13824be4f7b5063776fc",
"url": "https://github.com/apache/camel/commit/781491b446921341f87a13824be4f7b5063776fc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z",
"url": "https://lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z"
}
],
"release_date": "2025-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-02T20:19:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3543"
},
{
"category": "workaround",
"details": "Remove headers from your Camel routes; this can be accomplished in several ways, including globally or per route.",
"product_ids": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.8.5 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "camel-http: org.apache.camel: bypass of header filters via specially crafted response"
}
]
}
RHSA-2025:8761
Vulnerability from csaf_redhat - Published: 2025-06-10 10:39 - Updated: 2026-06-05 19:44
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HawtIO HawtIO 4.2.0
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_hawtio:4.2::el6
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HawtIO HawtIO 4.2.0
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_hawtio:4.2::el6
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HawtIO HawtIO 4.2.0
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_hawtio:4.2::el6
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HawtIO HawtIO 4.2.0
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_hawtio:4.2::el6
|
— |
Vendor Fix
fix
|
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HawtIO HawtIO 4.2.0
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_hawtio:4.2::el6
|
— |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "HawtIO 4.2.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "HawtIO 4.2.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\n* path-to-regexp: Unpatched `path-to-regexp` ReDoS in 0.1.x (CVE-2024-52798);\n\n* io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling (CVE-2024-12397);\n\n* crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec (CVE-2025-22866);\n\n* io.netty/netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine (CVE-2025-24970);\n\n* json-smart: Potential DoS via stack exhaustion (CVE-2024-57699).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8761",
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2330689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330689"
},
{
"category": "external",
"summary": "2331298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331298"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2344219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344219"
},
{
"category": "external",
"summary": "2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8761.json"
}
],
"title": "Red Hat Security Advisory: HawtIO 4.2.0 for Red Hat build of Apache Camel 4 Release and security update.",
"tracking": {
"current_release_date": "2026-06-05T19:44:37+00:00",
"generator": {
"date": "2026-06-05T19:44:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:8761",
"initial_release_date": "2025-06-10T10:39:32+00:00",
"revision_history": [
{
"date": "2025-06-10T10:39:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-10T10:39:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HawtIO HawtIO 4.2.0",
"product": {
"name": "HawtIO HawtIO 4.2.0",
"product_id": "HawtIO HawtIO 4.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_hawtio:4.2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12397",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2024-12-10T01:15:33.380000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with\ncertain value-delimiting characters in incoming requests. This issue could\nallow an attacker to construct a cookie value to exfiltrate HttpOnly cookie\nvalues or spoof arbitrary additional cookie values, leading to unauthorized\ndata access or modification. The main threat from this flaw impacts data\nconfidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has evaluated this vulnerability. It is very similar to an Undertow vulnerability tracked as CVE-2023-4639.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO HawtIO 4.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12397"
},
{
"category": "external",
"summary": "RHBZ#2331298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12397"
}
],
"release_date": "2024-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T10:39:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO HawtIO 4.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"HawtIO HawtIO 4.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"HawtIO HawtIO 4.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling"
},
{
"cve": "CVE-2024-52798",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-12-05T23:00:59.020167+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability exists because of an incomplete fix for CVE-2024-45296.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO HawtIO 4.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-52798"
},
{
"category": "external",
"summary": "RHBZ#2330689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4",
"url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w"
}
],
"release_date": "2024-12-05T22:45:42.774000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T10:39:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO HawtIO 4.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
},
{
"category": "workaround",
"details": "Avoid using two parameters within a single path segment when the separator is not a period (.); for example, avoid /:a-:b. Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.",
"product_ids": [
"HawtIO HawtIO 4.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HawtIO HawtIO 4.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO HawtIO 4.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T10:39:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO HawtIO 4.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"HawtIO HawtIO 4.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HawtIO HawtIO 4.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-22866",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2025-02-06T17:00:56.155646+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO HawtIO 4.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22866"
},
{
"category": "external",
"summary": "RHBZ#2344219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22866"
},
{
"category": "external",
"summary": "https://go.dev/cl/643735",
"url": "https://go.dev/cl/643735"
},
{
"category": "external",
"summary": "https://go.dev/issue/71383",
"url": "https://go.dev/issue/71383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k",
"url": "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3447",
"url": "https://pkg.go.dev/vuln/GO-2025-3447"
}
],
"release_date": "2025-02-06T16:54:10.252000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T10:39:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO HawtIO 4.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"HawtIO HawtIO 4.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-02-10T23:00:52.785132+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Netty\u0027s SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO HawtIO 4.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24970"
},
{
"category": "external",
"summary": "RHBZ#2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
}
],
"release_date": "2025-02-10T21:57:28.730000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T10:39:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO HawtIO 4.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HawtIO HawtIO 4.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HawtIO HawtIO 4.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
}
]
}
WID-SEC-W-2025-0801
Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-04-15 22:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo <10.2.3
Atlassian / Bamboo
|
<10.2.3 | ||
|
Atlassian Bamboo <9.6.11
Atlassian / Bamboo
|
<9.6.11 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Atlassian Bamboo ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0801 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0801.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0801 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0801"
},
{
"category": "external",
"summary": "Bamboo Data Center Security Vulnerability BAM-26070 vom 2025-04-15",
"url": "https://jira.atlassian.com/browse/BAM-26070"
},
{
"category": "external",
"summary": "Security Bulletin - April 15 2025 vom 2025-04-15",
"url": "https://confluence.atlassian.com/security/security-bulletin-april-15-2025-1540723536.html"
}
],
"source_lang": "en-US",
"title": "Atlassian Bamboo: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-04-15T22:00:00.000+00:00",
"generator": {
"date": "2025-04-16T09:15:57.658+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0801",
"initial_release_date": "2025-04-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.2.3",
"product": {
"name": "Atlassian Bamboo \u003c10.2.3",
"product_id": "T042921"
}
},
{
"category": "product_version",
"name": "10.2.3",
"product": {
"name": "Atlassian Bamboo 10.2.3",
"product_id": "T042921-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.2.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.6.11",
"product": {
"name": "Atlassian Bamboo \u003c9.6.11",
"product_id": "T042922"
}
},
{
"category": "product_version",
"name": "9.6.11",
"product": {
"name": "Atlassian Bamboo 9.6.11",
"product_id": "T042922-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.11"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
}
],
"category": "vendor",
"name": "Atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"product_status": {
"known_affected": [
"T042921",
"T042922"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-57699"
}
]
}
WID-SEC-W-2025-0811
Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-04-15 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Policy Automation 12.2.0-12.2.36
Oracle / Policy Automation
|
cpe:/a:oracle:policy_automation:12.2.36
|
12.2.0-12.2.36 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Policy Automation 12.2.0-12.2.36
Oracle / Policy Automation
|
cpe:/a:oracle:policy_automation:12.2.36
|
12.2.0-12.2.36 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Policy Automation dient der automatisierten Verwaltung und Durchsetzung von Richtlinien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Policy Automation ausnutzen, um die Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0811 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0811.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0811 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0811"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Policy Automation vom 2025-04-15",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixPOLI"
}
],
"source_lang": "en-US",
"title": "Oracle Policy Automation: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-15T22:00:00.000+00:00",
"generator": {
"date": "2025-04-16T09:16:00.386+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0811",
"initial_release_date": "2025-04-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.2.0-12.2.36",
"product": {
"name": "Oracle Policy Automation 12.2.0-12.2.36",
"product_id": "T042828",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:policy_automation:12.2.36"
}
}
}
],
"category": "product_name",
"name": "Policy Automation"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47554",
"product_status": {
"known_affected": [
"T042828"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-57699",
"product_status": {
"known_affected": [
"T042828"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-57699"
}
]
}
WID-SEC-W-2025-0819
Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-04-15 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0
|
2.9.0.0.0-7.0.0.0.0 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.0
|
8.1.2.7.0 | |
|
Oracle Financial Services Applications 8.1.1.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.4
|
8.1.1.4 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 5.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:5.1.0.0.0
|
5.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.9
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.9
|
8.1.2.9 | |
|
Oracle Financial Services Applications 8.1.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.8
|
8.1.2.8 | |
|
Oracle Financial Services Applications 14.7.0.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.7.0
|
14.7.0.7.0 | |
|
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.5.0.0.0-14.7.0.0.0 | |
|
Oracle Financial Services Applications 22.2.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2.0.0.0
|
22.2.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.6
|
8.0.8.6 | |
|
Oracle Financial Services Applications 8.0.7.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.8
|
8.0.7.8 | |
|
Oracle Financial Services Applications 21.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1.0.0.0
|
21.1.0.0.0 | |
|
Oracle Financial Services Applications 7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:7.0.0.0.0
|
7.0.0.0.0 | |
|
Oracle Financial Services Applications 22.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1.0.0.0
|
22.1.0.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0
|
2.9.0.0.0-7.0.0.0.0 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.0
|
8.1.2.7.0 | |
|
Oracle Financial Services Applications 8.1.1.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.4
|
8.1.1.4 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 5.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:5.1.0.0.0
|
5.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.9
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.9
|
8.1.2.9 | |
|
Oracle Financial Services Applications 8.1.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.8
|
8.1.2.8 | |
|
Oracle Financial Services Applications 14.7.0.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.7.0
|
14.7.0.7.0 | |
|
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.5.0.0.0-14.7.0.0.0 | |
|
Oracle Financial Services Applications 22.2.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2.0.0.0
|
22.2.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.6
|
8.0.8.6 | |
|
Oracle Financial Services Applications 8.0.7.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.8
|
8.0.7.8 | |
|
Oracle Financial Services Applications 21.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1.0.0.0
|
21.1.0.0.0 | |
|
Oracle Financial Services Applications 7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:7.0.0.0.0
|
7.0.0.0.0 | |
|
Oracle Financial Services Applications 22.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1.0.0.0
|
22.1.0.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0
|
2.9.0.0.0-7.0.0.0.0 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.0
|
8.1.2.7.0 | |
|
Oracle Financial Services Applications 8.1.1.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.4
|
8.1.1.4 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 5.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:5.1.0.0.0
|
5.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.9
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.9
|
8.1.2.9 | |
|
Oracle Financial Services Applications 8.1.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.8
|
8.1.2.8 | |
|
Oracle Financial Services Applications 14.7.0.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.7.0
|
14.7.0.7.0 | |
|
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.5.0.0.0-14.7.0.0.0 | |
|
Oracle Financial Services Applications 22.2.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2.0.0.0
|
22.2.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.6
|
8.0.8.6 | |
|
Oracle Financial Services Applications 8.0.7.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.8
|
8.0.7.8 | |
|
Oracle Financial Services Applications 21.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1.0.0.0
|
21.1.0.0.0 | |
|
Oracle Financial Services Applications 7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:7.0.0.0.0
|
7.0.0.0.0 | |
|
Oracle Financial Services Applications 22.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1.0.0.0
|
22.1.0.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0
|
2.9.0.0.0-7.0.0.0.0 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.0
|
8.1.2.7.0 | |
|
Oracle Financial Services Applications 8.1.1.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.4
|
8.1.1.4 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 5.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:5.1.0.0.0
|
5.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.9
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.9
|
8.1.2.9 | |
|
Oracle Financial Services Applications 8.1.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.8
|
8.1.2.8 | |
|
Oracle Financial Services Applications 14.7.0.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.7.0
|
14.7.0.7.0 | |
|
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.5.0.0.0-14.7.0.0.0 | |
|
Oracle Financial Services Applications 22.2.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2.0.0.0
|
22.2.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.6
|
8.0.8.6 | |
|
Oracle Financial Services Applications 8.0.7.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.8
|
8.0.7.8 | |
|
Oracle Financial Services Applications 21.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1.0.0.0
|
21.1.0.0.0 | |
|
Oracle Financial Services Applications 7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:7.0.0.0.0
|
7.0.0.0.0 | |
|
Oracle Financial Services Applications 22.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1.0.0.0
|
22.1.0.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0
|
2.9.0.0.0-7.0.0.0.0 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.0
|
8.1.2.7.0 | |
|
Oracle Financial Services Applications 8.1.1.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.4
|
8.1.1.4 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 5.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:5.1.0.0.0
|
5.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.9
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.9
|
8.1.2.9 | |
|
Oracle Financial Services Applications 8.1.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.8
|
8.1.2.8 | |
|
Oracle Financial Services Applications 14.7.0.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.7.0
|
14.7.0.7.0 | |
|
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.5.0.0.0-14.7.0.0.0 | |
|
Oracle Financial Services Applications 22.2.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2.0.0.0
|
22.2.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.6
|
8.0.8.6 | |
|
Oracle Financial Services Applications 8.0.7.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.8
|
8.0.7.8 | |
|
Oracle Financial Services Applications 21.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1.0.0.0
|
21.1.0.0.0 | |
|
Oracle Financial Services Applications 7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:7.0.0.0.0
|
7.0.0.0.0 | |
|
Oracle Financial Services Applications 22.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1.0.0.0
|
22.1.0.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0
|
2.9.0.0.0-7.0.0.0.0 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.0
|
8.1.2.7.0 | |
|
Oracle Financial Services Applications 8.1.1.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.4
|
8.1.1.4 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 5.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:5.1.0.0.0
|
5.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.9
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.9
|
8.1.2.9 | |
|
Oracle Financial Services Applications 8.1.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.8
|
8.1.2.8 | |
|
Oracle Financial Services Applications 14.7.0.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.7.0
|
14.7.0.7.0 | |
|
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.5.0.0.0-14.7.0.0.0 | |
|
Oracle Financial Services Applications 22.2.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2.0.0.0
|
22.2.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.6
|
8.0.8.6 | |
|
Oracle Financial Services Applications 8.0.7.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.8
|
8.0.7.8 | |
|
Oracle Financial Services Applications 21.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1.0.0.0
|
21.1.0.0.0 | |
|
Oracle Financial Services Applications 7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:7.0.0.0.0
|
7.0.0.0.0 | |
|
Oracle Financial Services Applications 22.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1.0.0.0
|
22.1.0.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0
|
2.9.0.0.0-7.0.0.0.0 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.0
|
8.1.2.7.0 | |
|
Oracle Financial Services Applications 8.1.1.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.4
|
8.1.1.4 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 5.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:5.1.0.0.0
|
5.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.9
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.9
|
8.1.2.9 | |
|
Oracle Financial Services Applications 8.1.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.8
|
8.1.2.8 | |
|
Oracle Financial Services Applications 14.7.0.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.7.0
|
14.7.0.7.0 | |
|
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.5.0.0.0-14.7.0.0.0 | |
|
Oracle Financial Services Applications 22.2.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2.0.0.0
|
22.2.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.6
|
8.0.8.6 | |
|
Oracle Financial Services Applications 8.0.7.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.8
|
8.0.7.8 | |
|
Oracle Financial Services Applications 21.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1.0.0.0
|
21.1.0.0.0 | |
|
Oracle Financial Services Applications 7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:7.0.0.0.0
|
7.0.0.0.0 | |
|
Oracle Financial Services Applications 22.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1.0.0.0
|
22.1.0.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0
|
2.9.0.0.0-7.0.0.0.0 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.0
|
8.1.2.7.0 | |
|
Oracle Financial Services Applications 8.1.1.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.4
|
8.1.1.4 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 5.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:5.1.0.0.0
|
5.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.9
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.9
|
8.1.2.9 | |
|
Oracle Financial Services Applications 8.1.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.8
|
8.1.2.8 | |
|
Oracle Financial Services Applications 14.7.0.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.7.0
|
14.7.0.7.0 | |
|
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.5.0.0.0-14.7.0.0.0 | |
|
Oracle Financial Services Applications 22.2.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2.0.0.0
|
22.2.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.6
|
8.0.8.6 | |
|
Oracle Financial Services Applications 8.0.7.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.8
|
8.0.7.8 | |
|
Oracle Financial Services Applications 21.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1.0.0.0
|
21.1.0.0.0 | |
|
Oracle Financial Services Applications 7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:7.0.0.0.0
|
7.0.0.0.0 | |
|
Oracle Financial Services Applications 22.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1.0.0.0
|
22.1.0.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0
|
2.9.0.0.0-7.0.0.0.0 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.0
|
8.1.2.7.0 | |
|
Oracle Financial Services Applications 8.1.1.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.4
|
8.1.1.4 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 5.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:5.1.0.0.0
|
5.1.0.0.0 | |
|
Oracle Financial Services Applications 8.1.2.9
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.9
|
8.1.2.9 | |
|
Oracle Financial Services Applications 8.1.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.8
|
8.1.2.8 | |
|
Oracle Financial Services Applications 14.7.0.7.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.7.0
|
14.7.0.7.0 | |
|
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.5.0.0.0-14.7.0.0.0 | |
|
Oracle Financial Services Applications 22.2.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2.0.0.0
|
22.2.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.6
|
8.0.8.6 | |
|
Oracle Financial Services Applications 8.0.7.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.8
|
8.0.7.8 | |
|
Oracle Financial Services Applications 21.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1.0.0.0
|
21.1.0.0.0 | |
|
Oracle Financial Services Applications 7.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:7.0.0.0.0
|
7.0.0.0.0 | |
|
Oracle Financial Services Applications 22.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1.0.0.0
|
22.1.0.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0 | 2.9.0.0.0-7.0.0.0.0 | |
| Oracle Financial Services Applications 6.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:6.1.0.0.0 | 6.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.7.0 | 8.1.2.7.0 | |
| Oracle Financial Services Applications 8.1.1.4<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.1.4 | 8.1.1.4 | |
| Oracle Financial Services Applications 8.0.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8 | 8.0.8 | |
| Oracle Financial Services Applications 8.0.8.1<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.1 | 8.0.8.1 | |
| Oracle Financial Services Applications 8.1.2.5<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.5 | 8.1.2.5 | |
| Oracle Financial Services Applications 5.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:5.1.0.0.0 | 5.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.9<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.9 | 8.1.2.9 | |
| Oracle Financial Services Applications 8.1.2.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.8 | 8.1.2.8 | |
| Oracle Financial Services Applications 14.7.0.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.7.0 | 14.7.0.7.0 | |
| Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.0.0 | 14.5.0.0.0-14.7.0.0.0 | |
| Oracle Financial Services Applications 22.2.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.2.0.0.0 | 22.2.0.0.0 | |
| Oracle Financial Services Applications 8.0.8.6<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.6 | 8.0.8.6 | |
| Oracle Financial Services Applications 8.0.7.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.7.8 | 8.0.7.8 | |
| Oracle Financial Services Applications 21.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:21.1.0.0.0 | 21.1.0.0.0 | |
| Oracle Financial Services Applications 7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:7.0.0.0.0 | 7.0.0.0.0 | |
| Oracle Financial Services Applications 22.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.1.0.0.0 | 22.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0 | 2.9.0.0.0-7.0.0.0.0 | |
| Oracle Financial Services Applications 6.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:6.1.0.0.0 | 6.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.7.0 | 8.1.2.7.0 | |
| Oracle Financial Services Applications 8.1.1.4<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.1.4 | 8.1.1.4 | |
| Oracle Financial Services Applications 8.0.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8 | 8.0.8 | |
| Oracle Financial Services Applications 8.0.8.1<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.1 | 8.0.8.1 | |
| Oracle Financial Services Applications 8.1.2.5<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.5 | 8.1.2.5 | |
| Oracle Financial Services Applications 5.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:5.1.0.0.0 | 5.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.9<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.9 | 8.1.2.9 | |
| Oracle Financial Services Applications 8.1.2.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.8 | 8.1.2.8 | |
| Oracle Financial Services Applications 14.7.0.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.7.0 | 14.7.0.7.0 | |
| Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.0.0 | 14.5.0.0.0-14.7.0.0.0 | |
| Oracle Financial Services Applications 22.2.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.2.0.0.0 | 22.2.0.0.0 | |
| Oracle Financial Services Applications 8.0.8.6<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.6 | 8.0.8.6 | |
| Oracle Financial Services Applications 8.0.7.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.7.8 | 8.0.7.8 | |
| Oracle Financial Services Applications 21.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:21.1.0.0.0 | 21.1.0.0.0 | |
| Oracle Financial Services Applications 7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:7.0.0.0.0 | 7.0.0.0.0 | |
| Oracle Financial Services Applications 22.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.1.0.0.0 | 22.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0 | 2.9.0.0.0-7.0.0.0.0 | |
| Oracle Financial Services Applications 6.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:6.1.0.0.0 | 6.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.7.0 | 8.1.2.7.0 | |
| Oracle Financial Services Applications 8.1.1.4<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.1.4 | 8.1.1.4 | |
| Oracle Financial Services Applications 8.0.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8 | 8.0.8 | |
| Oracle Financial Services Applications 8.0.8.1<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.1 | 8.0.8.1 | |
| Oracle Financial Services Applications 8.1.2.5<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.5 | 8.1.2.5 | |
| Oracle Financial Services Applications 5.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:5.1.0.0.0 | 5.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.9<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.9 | 8.1.2.9 | |
| Oracle Financial Services Applications 8.1.2.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.8 | 8.1.2.8 | |
| Oracle Financial Services Applications 14.7.0.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.7.0 | 14.7.0.7.0 | |
| Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.0.0 | 14.5.0.0.0-14.7.0.0.0 | |
| Oracle Financial Services Applications 22.2.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.2.0.0.0 | 22.2.0.0.0 | |
| Oracle Financial Services Applications 8.0.8.6<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.6 | 8.0.8.6 | |
| Oracle Financial Services Applications 8.0.7.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.7.8 | 8.0.7.8 | |
| Oracle Financial Services Applications 21.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:21.1.0.0.0 | 21.1.0.0.0 | |
| Oracle Financial Services Applications 7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:7.0.0.0.0 | 7.0.0.0.0 | |
| Oracle Financial Services Applications 22.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.1.0.0.0 | 22.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0 | 2.9.0.0.0-7.0.0.0.0 | |
| Oracle Financial Services Applications 6.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:6.1.0.0.0 | 6.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.7.0 | 8.1.2.7.0 | |
| Oracle Financial Services Applications 8.1.1.4<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.1.4 | 8.1.1.4 | |
| Oracle Financial Services Applications 8.0.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8 | 8.0.8 | |
| Oracle Financial Services Applications 8.0.8.1<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.1 | 8.0.8.1 | |
| Oracle Financial Services Applications 8.1.2.5<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.5 | 8.1.2.5 | |
| Oracle Financial Services Applications 5.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:5.1.0.0.0 | 5.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.9<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.9 | 8.1.2.9 | |
| Oracle Financial Services Applications 8.1.2.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.8 | 8.1.2.8 | |
| Oracle Financial Services Applications 14.7.0.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.7.0 | 14.7.0.7.0 | |
| Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.0.0 | 14.5.0.0.0-14.7.0.0.0 | |
| Oracle Financial Services Applications 22.2.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.2.0.0.0 | 22.2.0.0.0 | |
| Oracle Financial Services Applications 8.0.8.6<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.6 | 8.0.8.6 | |
| Oracle Financial Services Applications 8.0.7.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.7.8 | 8.0.7.8 | |
| Oracle Financial Services Applications 21.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:21.1.0.0.0 | 21.1.0.0.0 | |
| Oracle Financial Services Applications 7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:7.0.0.0.0 | 7.0.0.0.0 | |
| Oracle Financial Services Applications 22.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.1.0.0.0 | 22.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0 | 2.9.0.0.0-7.0.0.0.0 | |
| Oracle Financial Services Applications 6.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:6.1.0.0.0 | 6.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.7.0 | 8.1.2.7.0 | |
| Oracle Financial Services Applications 8.1.1.4<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.1.4 | 8.1.1.4 | |
| Oracle Financial Services Applications 8.0.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8 | 8.0.8 | |
| Oracle Financial Services Applications 8.0.8.1<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.1 | 8.0.8.1 | |
| Oracle Financial Services Applications 8.1.2.5<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.5 | 8.1.2.5 | |
| Oracle Financial Services Applications 5.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:5.1.0.0.0 | 5.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.9<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.9 | 8.1.2.9 | |
| Oracle Financial Services Applications 8.1.2.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.8 | 8.1.2.8 | |
| Oracle Financial Services Applications 14.7.0.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.7.0 | 14.7.0.7.0 | |
| Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.0.0 | 14.5.0.0.0-14.7.0.0.0 | |
| Oracle Financial Services Applications 22.2.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.2.0.0.0 | 22.2.0.0.0 | |
| Oracle Financial Services Applications 8.0.8.6<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.6 | 8.0.8.6 | |
| Oracle Financial Services Applications 8.0.7.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.7.8 | 8.0.7.8 | |
| Oracle Financial Services Applications 21.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:21.1.0.0.0 | 21.1.0.0.0 | |
| Oracle Financial Services Applications 7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:7.0.0.0.0 | 7.0.0.0.0 | |
| Oracle Financial Services Applications 22.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.1.0.0.0 | 22.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0 | 2.9.0.0.0-7.0.0.0.0 | |
| Oracle Financial Services Applications 6.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:6.1.0.0.0 | 6.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.7.0 | 8.1.2.7.0 | |
| Oracle Financial Services Applications 8.1.1.4<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.1.4 | 8.1.1.4 | |
| Oracle Financial Services Applications 8.0.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8 | 8.0.8 | |
| Oracle Financial Services Applications 8.0.8.1<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.1 | 8.0.8.1 | |
| Oracle Financial Services Applications 8.1.2.5<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.5 | 8.1.2.5 | |
| Oracle Financial Services Applications 5.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:5.1.0.0.0 | 5.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.9<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.9 | 8.1.2.9 | |
| Oracle Financial Services Applications 8.1.2.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.8 | 8.1.2.8 | |
| Oracle Financial Services Applications 14.7.0.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.7.0 | 14.7.0.7.0 | |
| Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.0.0 | 14.5.0.0.0-14.7.0.0.0 | |
| Oracle Financial Services Applications 22.2.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.2.0.0.0 | 22.2.0.0.0 | |
| Oracle Financial Services Applications 8.0.8.6<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.6 | 8.0.8.6 | |
| Oracle Financial Services Applications 8.0.7.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.7.8 | 8.0.7.8 | |
| Oracle Financial Services Applications 21.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:21.1.0.0.0 | 21.1.0.0.0 | |
| Oracle Financial Services Applications 7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:7.0.0.0.0 | 7.0.0.0.0 | |
| Oracle Financial Services Applications 22.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.1.0.0.0 | 22.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0 | 2.9.0.0.0-7.0.0.0.0 | |
| Oracle Financial Services Applications 6.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:6.1.0.0.0 | 6.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.7.0 | 8.1.2.7.0 | |
| Oracle Financial Services Applications 8.1.1.4<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.1.4 | 8.1.1.4 | |
| Oracle Financial Services Applications 8.0.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8 | 8.0.8 | |
| Oracle Financial Services Applications 8.0.8.1<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.1 | 8.0.8.1 | |
| Oracle Financial Services Applications 8.1.2.5<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.5 | 8.1.2.5 | |
| Oracle Financial Services Applications 5.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:5.1.0.0.0 | 5.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.9<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.9 | 8.1.2.9 | |
| Oracle Financial Services Applications 8.1.2.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.8 | 8.1.2.8 | |
| Oracle Financial Services Applications 14.7.0.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.7.0 | 14.7.0.7.0 | |
| Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.0.0 | 14.5.0.0.0-14.7.0.0.0 | |
| Oracle Financial Services Applications 22.2.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.2.0.0.0 | 22.2.0.0.0 | |
| Oracle Financial Services Applications 8.0.8.6<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.6 | 8.0.8.6 | |
| Oracle Financial Services Applications 8.0.7.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.7.8 | 8.0.7.8 | |
| Oracle Financial Services Applications 21.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:21.1.0.0.0 | 21.1.0.0.0 | |
| Oracle Financial Services Applications 7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:7.0.0.0.0 | 7.0.0.0.0 | |
| Oracle Financial Services Applications 22.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.1.0.0.0 | 22.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0 | 2.9.0.0.0-7.0.0.0.0 | |
| Oracle Financial Services Applications 6.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:6.1.0.0.0 | 6.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.7.0 | 8.1.2.7.0 | |
| Oracle Financial Services Applications 8.1.1.4<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.1.4 | 8.1.1.4 | |
| Oracle Financial Services Applications 8.0.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8 | 8.0.8 | |
| Oracle Financial Services Applications 8.0.8.1<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.1 | 8.0.8.1 | |
| Oracle Financial Services Applications 8.1.2.5<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.5 | 8.1.2.5 | |
| Oracle Financial Services Applications 5.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:5.1.0.0.0 | 5.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.9<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.9 | 8.1.2.9 | |
| Oracle Financial Services Applications 8.1.2.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.8 | 8.1.2.8 | |
| Oracle Financial Services Applications 14.7.0.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.7.0 | 14.7.0.7.0 | |
| Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.0.0 | 14.5.0.0.0-14.7.0.0.0 | |
| Oracle Financial Services Applications 22.2.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.2.0.0.0 | 22.2.0.0.0 | |
| Oracle Financial Services Applications 8.0.8.6<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.6 | 8.0.8.6 | |
| Oracle Financial Services Applications 8.0.7.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.7.8 | 8.0.7.8 | |
| Oracle Financial Services Applications 21.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:21.1.0.0.0 | 21.1.0.0.0 | |
| Oracle Financial Services Applications 7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:7.0.0.0.0 | 7.0.0.0.0 | |
| Oracle Financial Services Applications 22.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.1.0.0.0 | 22.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0 | 2.9.0.0.0-7.0.0.0.0 | |
| Oracle Financial Services Applications 6.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:6.1.0.0.0 | 6.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.7.0 | 8.1.2.7.0 | |
| Oracle Financial Services Applications 8.1.1.4<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.1.4 | 8.1.1.4 | |
| Oracle Financial Services Applications 8.0.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8 | 8.0.8 | |
| Oracle Financial Services Applications 8.0.8.1<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.1 | 8.0.8.1 | |
| Oracle Financial Services Applications 8.1.2.5<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.5 | 8.1.2.5 | |
| Oracle Financial Services Applications 5.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:5.1.0.0.0 | 5.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.9<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.9 | 8.1.2.9 | |
| Oracle Financial Services Applications 8.1.2.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.8 | 8.1.2.8 | |
| Oracle Financial Services Applications 14.7.0.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.7.0 | 14.7.0.7.0 | |
| Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.0.0 | 14.5.0.0.0-14.7.0.0.0 | |
| Oracle Financial Services Applications 22.2.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.2.0.0.0 | 22.2.0.0.0 | |
| Oracle Financial Services Applications 8.0.8.6<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.6 | 8.0.8.6 | |
| Oracle Financial Services Applications 8.0.7.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.7.8 | 8.0.7.8 | |
| Oracle Financial Services Applications 21.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:21.1.0.0.0 | 21.1.0.0.0 | |
| Oracle Financial Services Applications 7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:7.0.0.0.0 | 7.0.0.0.0 | |
| Oracle Financial Services Applications 22.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.1.0.0.0 | 22.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0 | 2.9.0.0.0-7.0.0.0.0 | |
| Oracle Financial Services Applications 6.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:6.1.0.0.0 | 6.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.7.0 | 8.1.2.7.0 | |
| Oracle Financial Services Applications 8.1.1.4<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.1.4 | 8.1.1.4 | |
| Oracle Financial Services Applications 8.0.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8 | 8.0.8 | |
| Oracle Financial Services Applications 8.0.8.1<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.1 | 8.0.8.1 | |
| Oracle Financial Services Applications 8.1.2.5<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.5 | 8.1.2.5 | |
| Oracle Financial Services Applications 5.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:5.1.0.0.0 | 5.1.0.0.0 | |
| Oracle Financial Services Applications 8.1.2.9<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.9 | 8.1.2.9 | |
| Oracle Financial Services Applications 8.1.2.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.1.2.8 | 8.1.2.8 | |
| Oracle Financial Services Applications 14.7.0.7.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.7.0 | 14.7.0.7.0 | |
| Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:14.7.0.0.0 | 14.5.0.0.0-14.7.0.0.0 | |
| Oracle Financial Services Applications 22.2.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.2.0.0.0 | 22.2.0.0.0 | |
| Oracle Financial Services Applications 8.0.8.6<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.8.6 | 8.0.8.6 | |
| Oracle Financial Services Applications 8.0.7.8<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:8.0.7.8 | 8.0.7.8 | |
| Oracle Financial Services Applications 21.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:21.1.0.0.0 | 21.1.0.0.0 | |
| Oracle Financial Services Applications 7.0.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:7.0.0.0.0 | 7.0.0.0.0 | |
| Oracle Financial Services Applications 22.1.0.0.0<br>Oracle / Financial Services Applications | cpe:/a:oracle:financial_services_applications:22.1.0.0.0 | 22.1.0.0.0 | |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Financial Services ist eine Zusammenstellung von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0819 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0819.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0819 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0819"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Financial Services Applications vom 2025-04-15",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixIFLX"
}
],
"source_lang": "en-US",
"title": "Oracle Financial Services Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-15T22:00:00.000+00:00",
"generator": {
"date": "2025-04-16T09:16:23.001+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0819",
"initial_release_date": "2025-04-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8.0.8",
"product": {
"name": "Oracle Financial Services Applications 8.0.8",
"product_id": "T021677",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8"
}
}
},
{
"category": "product_version",
"name": "8.0.8.1",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.1",
"product_id": "T022844",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1"
}
}
},
{
"category": "product_version",
"name": "21.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 21.1.0.0.0",
"product_id": "T028695",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:21.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "22.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 22.1.0.0.0",
"product_id": "T028696",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:22.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "22.2.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 22.2.0.0.0",
"product_id": "T028697",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:22.2.0.0.0"
}
}
},
{
"category": "product_version",
"name": "14.5.0.0.0-14.7.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0",
"product_id": "T028702",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.1.2.5",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.5",
"product_id": "T028706",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.5"
}
}
},
{
"category": "product_version",
"name": "6.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 6.1.0.0.0",
"product_id": "T036223",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:6.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.1.2.8",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.8",
"product_id": "T038392",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.8"
}
}
},
{
"category": "product_version",
"name": "7.0.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 7.0.0.0.0",
"product_id": "T040463",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:7.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.0.7.8",
"product": {
"name": "Oracle Financial Services Applications 8.0.7.8",
"product_id": "T040464",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.8"
}
}
},
{
"category": "product_version",
"name": "8.0.8.6",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.6",
"product_id": "T040465",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.6"
}
}
},
{
"category": "product_version",
"name": "2.9.0.0.0-7.0.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0",
"product_id": "T040516",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.1.2.7.0",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.7.0",
"product_id": "T042808",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.7.0"
}
}
},
{
"category": "product_version",
"name": "8.1.1.4",
"product": {
"name": "Oracle Financial Services Applications 8.1.1.4",
"product_id": "T042809",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.4"
}
}
},
{
"category": "product_version",
"name": "5.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 5.1.0.0.0",
"product_id": "T042810",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:5.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.1.2.9",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.9",
"product_id": "T042811",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.9"
}
}
},
{
"category": "product_version",
"name": "14.7.0.7.0",
"product": {
"name": "Oracle Financial Services Applications 14.7.0.7.0",
"product_id": "T042812",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.7.0"
}
}
}
],
"category": "product_name",
"name": "Financial Services Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-28170",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2021-28170"
},
{
"cve": "CVE-2023-39410",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2023-39410"
},
{
"cve": "CVE-2023-49582",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2023-49582"
},
{
"cve": "CVE-2024-28168",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-28168"
},
{
"cve": "CVE-2024-28219",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-28219"
},
{
"cve": "CVE-2024-35195",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2024-37891",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38819",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-38827",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-38827"
},
{
"cve": "CVE-2024-47072",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-47072"
},
{
"cve": "CVE-2024-47554",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-5206",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-5206"
},
{
"cve": "CVE-2024-56128",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-56128"
},
{
"cve": "CVE-2024-56337",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2024-57699",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-21573",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21573"
},
{
"cve": "CVE-2025-23184",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-23184"
},
{
"cve": "CVE-2025-24970",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-24970"
}
]
}
WID-SEC-W-2025-0820
Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-04-15 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Enterprise Manager 13.3.0.1<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:13.3.0.1 | 13.3.0.1 | |
| Oracle Enterprise Manager 13.5.0.0.0<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:13.5.0.0.0 | 13.5.0.0.0 | |
| Oracle Enterprise Manager 24.1.0.0.0<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:24.1.0.0.0 | 24.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Enterprise Manager 13.3.0.1<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:13.3.0.1 | 13.3.0.1 | |
| Oracle Enterprise Manager 13.5.0.0.0<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:13.5.0.0.0 | 13.5.0.0.0 | |
| Oracle Enterprise Manager 24.1.0.0.0<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:24.1.0.0.0 | 24.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Enterprise Manager 13.3.0.1<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:13.3.0.1 | 13.3.0.1 | |
| Oracle Enterprise Manager 13.5.0.0.0<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:13.5.0.0.0 | 13.5.0.0.0 | |
| Oracle Enterprise Manager 24.1.0.0.0<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:24.1.0.0.0 | 24.1.0.0.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Enterprise Manager 13.3.0.1<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:13.3.0.1 | 13.3.0.1 | |
| Oracle Enterprise Manager 13.5.0.0.0<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:13.5.0.0.0 | 13.5.0.0.0 | |
| Oracle Enterprise Manager 24.1.0.0.0<br>Oracle / Enterprise Manager | cpe:/a:oracle:enterprise_manager:24.1.0.0.0 | 24.1.0.0.0 | |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle f\u00fcr Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0820 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0820.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0820 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0820"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Enterprise Manager vom 2025-04-15",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixEM"
}
],
"source_lang": "en-US",
"title": "Oracle Enterprise Manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-15T22:00:00.000+00:00",
"generator": {
"date": "2025-04-16T09:16:23.337+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0820",
"initial_release_date": "2025-04-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "13.3.0.1",
"product": {
"name": "Oracle Enterprise Manager 13.3.0.1",
"product_id": "T018974",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:13.3.0.1"
}
}
},
{
"category": "product_version",
"name": "13.5.0.0.0",
"product": {
"name": "Oracle Enterprise Manager 13.5.0.0.0",
"product_id": "T042806",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:13.5.0.0.0"
}
}
},
{
"category": "product_version",
"name": "24.1.0.0.0",
"product": {
"name": "Oracle Enterprise Manager 24.1.0.0.0",
"product_id": "T042807",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:24.1.0.0.0"
}
}
}
],
"category": "product_name",
"name": "Enterprise Manager"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45047",
"product_status": {
"known_affected": [
"T018974",
"T042806",
"T042807"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2022-45047"
},
{
"cve": "CVE-2023-1370",
"product_status": {
"known_affected": [
"T018974",
"T042806",
"T042807"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2024-52046",
"product_status": {
"known_affected": [
"T018974",
"T042806",
"T042807"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-52046"
},
{
"cve": "CVE-2024-57699",
"product_status": {
"known_affected": [
"T018974",
"T042806",
"T042807"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-57699"
}
]
}
WID-SEC-W-2025-0822
Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-04-15 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Construction and Engineering <=20.12.17<br>Oracle / Construction and Engineering | | <=20.12.17 | |
| Oracle Construction and Engineering <=23.12.13<br>Oracle / Construction and Engineering | | <=23.12.13 | |
| Oracle Construction and Engineering <=21.12.17<br>Oracle / Construction and Engineering | | <=21.12.17 | |
| Oracle Construction and Engineering <=24.12.3<br>Oracle / Construction and Engineering | | <=24.12.3 | |
| Oracle Construction and Engineering <=20.12.16<br>Oracle / Construction and Engineering | | <=20.12.16 | |
| Oracle Construction and Engineering <=21.12.15<br>Oracle / Construction and Engineering | | <=21.12.15 | |
| Oracle Construction and Engineering <=22.12.18<br>Oracle / Construction and Engineering | | <=22.12.18 | |
| Oracle Construction and Engineering <=24.12.2<br>Oracle / Construction and Engineering | | <=24.12.2 | |
| Oracle Construction and Engineering <=22.12.15<br>Oracle / Construction and Engineering | | <=22.12.15 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Construction and Engineering <=20.12.17<br>Oracle / Construction and Engineering | | <=20.12.17 | |
| Oracle Construction and Engineering <=23.12.13<br>Oracle / Construction and Engineering | | <=23.12.13 | |
| Oracle Construction and Engineering <=21.12.17<br>Oracle / Construction and Engineering | | <=21.12.17 | |
| Oracle Construction and Engineering <=24.12.3<br>Oracle / Construction and Engineering | | <=24.12.3 | |
| Oracle Construction and Engineering <=20.12.16<br>Oracle / Construction and Engineering | | <=20.12.16 | |
| Oracle Construction and Engineering <=21.12.15<br>Oracle / Construction and Engineering | | <=21.12.15 | |
| Oracle Construction and Engineering <=22.12.18<br>Oracle / Construction and Engineering | | <=22.12.18 | |
| Oracle Construction and Engineering <=24.12.2<br>Oracle / Construction and Engineering | | <=24.12.2 | |
| Oracle Construction and Engineering <=22.12.15<br>Oracle / Construction and Engineering | | <=22.12.15 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Construction and Engineering <=20.12.17<br>Oracle / Construction and Engineering | | <=20.12.17 | |
| Oracle Construction and Engineering <=23.12.13<br>Oracle / Construction and Engineering | | <=23.12.13 | |
| Oracle Construction and Engineering <=21.12.17<br>Oracle / Construction and Engineering | | <=21.12.17 | |
| Oracle Construction and Engineering <=24.12.3<br>Oracle / Construction and Engineering | | <=24.12.3 | |
| Oracle Construction and Engineering <=20.12.16<br>Oracle / Construction and Engineering | | <=20.12.16 | |
| Oracle Construction and Engineering <=21.12.15<br>Oracle / Construction and Engineering | | <=21.12.15 | |
| Oracle Construction and Engineering <=22.12.18<br>Oracle / Construction and Engineering | | <=22.12.18 | |
| Oracle Construction and Engineering <=24.12.2<br>Oracle / Construction and Engineering | | <=24.12.2 | |
| Oracle Construction and Engineering <=22.12.15<br>Oracle / Construction and Engineering | | <=22.12.15 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Construction and Engineering <=20.12.17<br>Oracle / Construction and Engineering | | <=20.12.17 | |
| Oracle Construction and Engineering <=23.12.13<br>Oracle / Construction and Engineering | | <=23.12.13 | |
| Oracle Construction and Engineering <=21.12.17<br>Oracle / Construction and Engineering | | <=21.12.17 | |
| Oracle Construction and Engineering <=24.12.3<br>Oracle / Construction and Engineering | | <=24.12.3 | |
| Oracle Construction and Engineering <=20.12.16<br>Oracle / Construction and Engineering | | <=20.12.16 | |
| Oracle Construction and Engineering <=21.12.15<br>Oracle / Construction and Engineering | | <=21.12.15 | |
| Oracle Construction and Engineering <=22.12.18<br>Oracle / Construction and Engineering | | <=22.12.18 | |
| Oracle Construction and Engineering <=24.12.2<br>Oracle / Construction and Engineering | | <=24.12.2 | |
| Oracle Construction and Engineering <=22.12.15<br>Oracle / Construction and Engineering | | <=22.12.15 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Construction and Engineering <=20.12.17<br>Oracle / Construction and Engineering | | <=20.12.17 | |
| Oracle Construction and Engineering <=23.12.13<br>Oracle / Construction and Engineering | | <=23.12.13 | |
| Oracle Construction and Engineering <=21.12.17<br>Oracle / Construction and Engineering | | <=21.12.17 | |
| Oracle Construction and Engineering <=24.12.3<br>Oracle / Construction and Engineering | | <=24.12.3 | |
| Oracle Construction and Engineering <=20.12.16<br>Oracle / Construction and Engineering | | <=20.12.16 | |
| Oracle Construction and Engineering <=21.12.15<br>Oracle / Construction and Engineering | | <=21.12.15 | |
| Oracle Construction and Engineering <=22.12.18<br>Oracle / Construction and Engineering | | <=22.12.18 | |
| Oracle Construction and Engineering <=24.12.2<br>Oracle / Construction and Engineering | | <=24.12.2 | |
| Oracle Construction and Engineering <=22.12.15<br>Oracle / Construction and Engineering | | <=22.12.15 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Construction and Engineering <=20.12.17<br>Oracle / Construction and Engineering | | <=20.12.17 | |
| Oracle Construction and Engineering <=23.12.13<br>Oracle / Construction and Engineering | | <=23.12.13 | |
| Oracle Construction and Engineering <=21.12.17<br>Oracle / Construction and Engineering | | <=21.12.17 | |
| Oracle Construction and Engineering <=24.12.3<br>Oracle / Construction and Engineering | | <=24.12.3 | |
| Oracle Construction and Engineering <=20.12.16<br>Oracle / Construction and Engineering | | <=20.12.16 | |
| Oracle Construction and Engineering <=21.12.15<br>Oracle / Construction and Engineering | | <=21.12.15 | |
| Oracle Construction and Engineering <=22.12.18<br>Oracle / Construction and Engineering | | <=22.12.18 | |
| Oracle Construction and Engineering <=24.12.2<br>Oracle / Construction and Engineering | | <=24.12.2 | |
| Oracle Construction and Engineering <=22.12.15<br>Oracle / Construction and Engineering | | <=22.12.15 | |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Construction and Engineering ist eine Sammlung von Werkzeugen zur Unterst\u00fctzung von Bau- und Ingenieurb\u00fcros. Sie umfasst u. a. Projektmanagement-L\u00f6sungen zur Verwaltung von Projekte, zur Schaffung von Transparenz, zur Zusammenarbeit und zur Verwaltung von \u00c4nderungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Construction and Engineering ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0822 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0822.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0822 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0822"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Construction and Engineering vom 2025-04-15",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixPVA"
}
],
"source_lang": "en-US",
"title": "Oracle Construction and Engineering: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-15T22:00:00.000+00:00",
"generator": {
"date": "2025-04-16T09:16:23.920+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0822",
"initial_release_date": "2025-04-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=20.12.16",
"product": {
"name": "Oracle Construction and Engineering \u003c=20.12.16",
"product_id": "T027346"
}
},
{
"category": "product_version_range",
"name": "\u003c=20.12.16",
"product": {
"name": "Oracle Construction and Engineering \u003c=20.12.16",
"product_id": "T027346-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=21.12.15",
"product": {
"name": "Oracle Construction and Engineering \u003c=21.12.15",
"product_id": "T028688"
}
},
{
"category": "product_version_range",
"name": "\u003c=21.12.15",
"product": {
"name": "Oracle Construction and Engineering \u003c=21.12.15",
"product_id": "T028688-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=21.12.17",
"product": {
"name": "Oracle Construction and Engineering \u003c=21.12.17",
"product_id": "T032097"
}
},
{
"category": "product_version_range",
"name": "\u003c=21.12.17",
"product": {
"name": "Oracle Construction and Engineering \u003c=21.12.17",
"product_id": "T032097-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=22.12.15",
"product": {
"name": "Oracle Construction and Engineering \u003c=22.12.15",
"product_id": "T040454"
}
},
{
"category": "product_version_range",
"name": "\u003c=22.12.15",
"product": {
"name": "Oracle Construction and Engineering \u003c=22.12.15",
"product_id": "T040454-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=20.12.17",
"product": {
"name": "Oracle Construction and Engineering \u003c=20.12.17",
"product_id": "T042801"
}
},
{
"category": "product_version_range",
"name": "\u003c=20.12.17",
"product": {
"name": "Oracle Construction and Engineering \u003c=20.12.17",
"product_id": "T042801-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.12.13",
"product": {
"name": "Oracle Construction and Engineering \u003c=23.12.13",
"product_id": "T042802"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.12.13",
"product": {
"name": "Oracle Construction and Engineering \u003c=23.12.13",
"product_id": "T042802-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=24.12.3",
"product": {
"name": "Oracle Construction and Engineering \u003c=24.12.3",
"product_id": "T042803"
}
},
{
"category": "product_version_range",
"name": "\u003c=24.12.3",
"product": {
"name": "Oracle Construction and Engineering \u003c=24.12.3",
"product_id": "T042803-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=22.12.18",
"product": {
"name": "Oracle Construction and Engineering \u003c=22.12.18",
"product_id": "T042804"
}
},
{
"category": "product_version_range",
"name": "\u003c=22.12.18",
"product": {
"name": "Oracle Construction and Engineering \u003c=22.12.18",
"product_id": "T042804-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=24.12.2",
"product": {
"name": "Oracle Construction and Engineering \u003c=24.12.2",
"product_id": "T042805"
}
},
{
"category": "product_version_range",
"name": "\u003c=24.12.2",
"product": {
"name": "Oracle Construction and Engineering \u003c=24.12.2",
"product_id": "T042805-fixed"
}
}
],
"category": "product_name",
"name": "Construction and Engineering"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38819",
"product_status": {
"last_affected": [
"T042801",
"T042802",
"T032097",
"T042803",
"T027346",
"T028688",
"T042804",
"T042805",
"T040454"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-47554",
"product_status": {
"last_affected": [
"T042801",
"T042802",
"T032097",
"T042803",
"T027346",
"T028688",
"T042804",
"T042805",
"T040454"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-49771",
"product_status": {
"last_affected": [
"T042801",
"T042802",
"T032097",
"T042803",
"T027346",
"T028688",
"T042804",
"T042805",
"T040454"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-49771"
},
{
"cve": "CVE-2024-57699",
"product_status": {
"last_affected": [
"T042801",
"T042802",
"T032097",
"T042803",
"T027346",
"T028688",
"T042804",
"T042805",
"T040454"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2024-7254",
"product_status": {
"last_affected": [
"T042801",
"T042802",
"T032097",
"T042803",
"T027346",
"T028688",
"T042804",
"T042805",
"T040454"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2025-23184",
"product_status": {
"last_affected": [
"T042801",
"T042802",
"T032097",
"T042803",
"T027346",
"T028688",
"T042804",
"T042805",
"T040454"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-23184"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.