CVE-2025-31672 (GCVE-0-2025-31672)
Vulnerability from cvelistv5 – Published: 2025-04-09 11:59 – Updated: 2025-05-23 13:11
CWE-20 - Improper Input Validation
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache POI | Affected: 0, < 5.4.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-23T13:11:07.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/08/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250523-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T17:06:29.220111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T17:06:47.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.poi:poi-ooxml",
"product": "Apache POI",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "5.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in the zip. In this case, products reading the affected file could read different data because 1 of the zip entries with the duplicate name is selected over another but different products may choose a different zip entry.\u003cbr\u003eThis issue affects Apache POI poi-ooxml before 5.4.0. poi-ooxml 5.4.0 has a check that throws an exception if zip entries with duplicate file names are found in the input file.\u003cbr\u003eUsers are recommended to upgrade to version poi-ooxml 5.4.0, which fixes the issue. Please read \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://poi.apache.org/security.html\"\u003ehttps://poi.apache.org/security.html\u003c/a\u003e for recommendations about how to use the POI libraries securely."
}
],
"value": "Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in the zip. In this case, products reading the affected file could read different data because 1 of the zip entries with the duplicate name is selected over another but different products may choose a different zip entry.\nThis issue affects Apache POI poi-ooxml before 5.4.0. poi-ooxml 5.4.0 has a check that throws an exception if zip entries with duplicate file names are found in the input file.\nUsers are recommended to upgrade to version poi-ooxml 5.4.0, which fixes the issue. Please read https://poi.apache.org/security.html for recommendations about how to use the POI libraries securely."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T11:59:33.900Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=69620"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/k14w8vcjqy4h34hh5kzldko78kpylkq5"
}
],
"source": {
"defect": [
"bug-69620"
],
"discovery": "INTERNAL"
},
"title": "Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-31672",
"datePublished": "2025-04-09T11:59:33.900Z",
"dateReserved": "2025-03-31T21:16:14.017Z",
"dateUpdated": "2025-05-23T13:11:07.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-31672",
"date": "2026-06-04",
"epss": "0.00521",
"percentile": "0.67201"
}
}
}
NCSC-2025-0340
Vulnerability from csaf_ncscnl - Published: 2025-10-23 14:13 - Updated: 2025-10-23 14:13
Oracle PeopleSoft's OpenSearch Dashboards (version 8.62) has a vulnerability allowing low-privileged attackers to exploit the system via HTTP, while earlier OpenSearch versions are vulnerable to XSS attacks due to unsanitized Markdown.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
OpenSSL 3.5 has a critical bug in the -addreject option that mislabels trusted certificates, while also being vulnerable to unauthorized data modification, alongside a separate vulnerability in Oracle Communications Cloud Native Core Certificate Management 25.1.200.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
Recent vulnerabilities in urllib3 and Oracle PeopleSoft's PeopleTools expose systems to SSRF attacks and unauthorized data access, with specific issues related to redirect handling and low-privileged access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
A vulnerability in Oracle PeopleSoft's Rich Text Editor component in versions 8.60, 8.61, and 8.62 allows low-privileged attackers to compromise the system through human interaction, risking unauthorized data access and modifications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
A vulnerability in Oracle PeopleSoft's Performance Monitor component (versions 8.60, 8.61, 8.62) allows unauthenticated attackers to execute a denial of service attack via HTTP, with a CVSS score of 7.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
A vulnerability in Oracle PeopleSoft's OpenSearch Dashboards (versions 8.60, 8.61, and 8.62) allows high-privileged attackers with HTTP access to potentially gain unauthorized access to critical data, with a CVSS score of 4.9.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows high-privileged attackers to compromise the system, impacting data confidentiality and integrity with a CVSS score of 5.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows low-privileged attackers to compromise the system, posing a moderate risk with a CVSS score of 5.4.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications, with a CVSS score of 5.4.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.61 and 8.62) allows low-privileged attackers to gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 4.3 indicating confidentiality impacts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
A vulnerability in Oracle PeopleSoft IT Asset Management 9.2 allows low-privileged attackers with network access to compromise the system, posing significant confidentiality risks with a CVSS score of 6.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
A vulnerability in Oracle PeopleSoft's FIN Maintenance Management product (version 9.2) allows low-privileged attackers to compromise data, resulting in unauthorized updates, deletions, and read access, with a CVSS score of 5.4.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
A vulnerability in Oracle PeopleSoft's FIN Payables product (version 9.2) allows low-privileged attackers to exploit the system via HTTP, potentially leading to unauthorized data access and partial denial of service, with a CVSS score of 6.3.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / PeopleSoft | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise CS Financial Aid | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN IT Asset Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Maintenance Management | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise FIN Payables | vers:unknown/* | | |
| vers:unknown/* Oracle / PeopleSoft Enterprise PeopleTools | vers:unknown/* | | |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft (Specifiek voor versies 8.60, 8.61, 8.62 en 9.2).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle PeopleSoft stellen aanvallers in staat om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en kunnen leiden tot gegevensmanipulatie. Dit omvat kwetsbaarheden die het mogelijk maken voor zowel laag- als hooggeprivilegieerde aanvallers om via HTTP toegang te krijgen tot kritieke data, met een CVSS-score vari\u00ebrend van 4.3 tot 7.5, wat wijst op aanzienlijke risico\u0027s voor de vertrouwelijkheid en integriteit van de gegevens. De kwetsbaarheden zijn te vinden in verschillende componenten zoals OpenSearch Dashboards, PeopleTools, en IT Asset Management.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Vulnerabilities fixed in Oracle PeopleSoft",
"tracking": {
"current_release_date": "2025-10-23T14:13:39.969386Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0340",
"initial_release_date": "2025-10-23T14:13:39.969386Z",
"revision_history": [
{
"date": "2025-10-23T14:13:39.969386Z",
"number": "1.0.0",
"summary": "Initial version"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "PeopleSoft"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise CS Financial Aid"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise FIN IT Asset Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise FIN Maintenance Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise FIN Payables"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise PeopleTools"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-54160",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Oracle PeopleSoft\u0027s OpenSearch Dashboards (version 8.62) has a vulnerability allowing low-privileged attackers to exploit the system via HTTP, while earlier OpenSearch versions are vulnerable to XSS attacks due to unsanitized Markdown.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54160 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-54160.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2024-54160"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4575",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "OpenSSL 3.5 has a critical bug in the -addreject option that mislabels trusted certificates, while also being vulnerable to unauthorized data modification, alongside a separate vulnerability in Oracle Communications Cloud Native Core Certificate Management 25.1.200.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4575 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4575.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-4575"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-50181",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "description",
"text": "Recent vulnerabilities in urllib3 and Oracle PeopleSoft\u0027s PeopleTools expose systems to SSRF attacks and unauthorized data access, with specific issues related to redirect handling and low-privileged access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50181 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50181.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-50181"
},
{
"cve": "CVE-2025-53048",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Rich Text Editor component in versions 8.60, 8.61, and 8.62 allows low-privileged attackers to compromise the system through human interaction, risking unauthorized data access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53048 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53048.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53048"
},
{
"cve": "CVE-2025-53050",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Performance Monitor component (versions 8.60, 8.61, 8.62) allows unauthenticated attackers to execute a denial of service attack via HTTP, with a CVSS score of 7.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53050 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53050.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53050"
},
{
"cve": "CVE-2025-53055",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53055 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53055.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53055"
},
{
"cve": "CVE-2025-53059",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s OpenSearch Dashboards (versions 8.60, 8.61, and 8.62) allows high-privileged attackers with HTTP access to potentially gain unauthorized access to critical data, with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53059 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53059.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53059"
},
{
"cve": "CVE-2025-53061",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows high-privileged attackers to compromise the system, impacting data confidentiality and integrity with a CVSS score of 5.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53061 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53061.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53061"
},
{
"cve": "CVE-2025-53063",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows low-privileged attackers to compromise the system, posing a moderate risk with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53063 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53063.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53063"
},
{
"cve": "CVE-2025-53065",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications, with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53065 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53065.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53065"
},
{
"cve": "CVE-2025-61750",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.61 and 8.62) allows low-privileged attackers to gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 4.3 indicating confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61750 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61750"
},
{
"cve": "CVE-2025-61758",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft IT Asset Management 9.2 allows low-privileged attackers with network access to compromise the system, posing significant confidentiality risks with a CVSS score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61758 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61758.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61758"
},
{
"cve": "CVE-2025-61761",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s FIN Maintenance Management product (version 9.2) allows low-privileged attackers to compromise data, resulting in unauthorized updates, deletions, and read access, with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61761 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61761.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61761"
},
{
"cve": "CVE-2025-61762",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s FIN Payables product (version 9.2) allows low-privileged attackers to exploit the system via HTTP, potentially leading to unauthorized data access and partial denial of service, with a CVSS score of 6.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61762 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61762.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61762"
}
]
}
NCSC-2026-0027
Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:08 - Updated: 2026-01-21 10:08
Multiple vulnerabilities across Apache Log4j, Oracle products, and various dependencies expose systems to denial-of-service and remote code execution risks, necessitating updates to secure versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Recent vulnerabilities in Oracle products, including the Oracle HTTP Server and Database, allow for potential privilege escalation, remote code execution, and denial of service, with varying CVSS scores indicating significant risk.
Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.
Multiple vulnerabilities in Apache HTTP Server and Oracle HTTP Server, including CVE-2023-38709 and CVE-2024-42516, expose systems to risks such as HTTP response splitting, SSRF, and unauthorized access.
Apache HTTP Server versions prior to 2.4.64 are vulnerable to multiple security issues, including SSRF and HTTP response splitting, affecting mod_proxy and mod_headers configurations, with critical vulnerabilities also identified in Oracle HTTP Server.
Multiple vulnerabilities in Apache HTTP Server versions 2.4.63 and earlier, including insufficient escaping in mod_ssl, allow untrusted clients to compromise log integrity and potentially lead to unauthorized access and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO allow for denial of service attacks, with CVSS scores ranging from 4.3 to 7.5, affecting various versions of these products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Multiple vulnerabilities in Oracle Fusion Middleware and Perl, including heap buffer overflows and denial of service risks, affect various versions, with CVSS scores indicating significant severity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Multiple vulnerabilities across Oracle Database Server, Oracle Fusion Middleware, and Eclipse JGit expose systems to unauthorized access, severe impacts, and information disclosure through various attack vectors.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Multiple vulnerabilities, including the 'MadeYouReset' attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Multiple vulnerabilities in Apache HTTP Server versions 2.4.35 to 2.4.63 and Oracle HTTP Server allow unauthorized access, data modification, and denial of service, particularly through TLS session resumption and other exploit vectors.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Oracle Hyperion Financial Reporting (version 11.2.23) has a denial of service vulnerability (CVSS 7.5), while libheif library versions prior to 1.19.6 have a NULL pointer dereference issue in the ImageItem_Grid::get_decoder function.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Multiple vulnerabilities across Oracle WebLogic Server, Oracle GoldenGate, and Connect2id Nimbus JOSE + JWT allow unauthenticated attackers to exploit denial of service conditions, affecting various versions with CVSS scores of 5.8.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |
Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft's OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |

Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |

Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |

Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |

A critical vulnerability in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise systems, affecting specific versions with a CVSS score of 10.0.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Data Integrator | vers:unknown/* | | |
| vers:unknown/* Oracle / Fusion Middleware | vers:unknown/* | | |
| vers:unknown/* Oracle / Identity Manager Connector | vers:unknown/* | | |
| vers:unknown/* Oracle / Managed File Transfer | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Business Process Management Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Coherence | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Identity Manager | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Outside In Technology | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle SOA Suite | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Security Service | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Service Bus | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Unified Directory | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle WebLogic Server | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in | vers:unknown/* | | |
| vers:unknown/* Oracle / Service Delivery Platform | vers:unknown/* | | |
| vers:unknown/* Oracle / WebCenter Sites | vers:unknown/* | | |

{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle HTTP Server, Oracle WebLogic Server, en Oracle Fusion Middleware.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens, Denial-of-Service (DoS) aanvallen uit te voeren, en de integriteit van systemen te compromitteren. Specifieke kwetsbaarheden omvatten onjuist beheer van HTTP-headers, ongecontroleerde recursie, en onvoldoende bufferbeperkingen, wat kan leiden tot systeemcrashes en gegevensverlies.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
},
{
"category": "general",
"text": "Improper Output Neutralization for Logs",
"title": "CWE-117"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
"tracking": {
"current_release_date": "2026-01-21T10:08:59.379774Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0027",
"initial_release_date": "2026-01-21T10:08:59.379774Z",
"revision_history": [
{
"date": "2026-01-21T10:08:59.379774Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Data Integrator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Identity Manager Connector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Managed File Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Business Process Management Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Global Lifecycle Management NextGen OUI Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Identity Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Outside In Technology"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle SOA Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Security Service"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Service Bus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Unified Directory"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Enterprise Capture"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle WebLogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Weblogic Server Proxy Plug-in"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Service Delivery Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "WebCenter Sites"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45105",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Log4j, Oracle products, and various dependencies expose systems to denial-of-service and remote code execution risks, necessitating updates to secure versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-45105 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-45105.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2021-45105"
},
{
"cve": "CVE-2022-41342",
"notes": [
{
"category": "description",
"text": "Recent vulnerabilities in Oracle products, including the Oracle HTTP Server and Database, allow for potential privilege escalation, remote code execution, and denial of service, with varying CVSS scores indicating significant risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41342 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-41342.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2022-41342"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-13009.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-42516",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server and Oracle HTTP Server, including CVE-2023-38709 and CVE-2024-42516, expose systems to risks such as HTTP response splitting, SSRF, and unauthorized access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-42516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-42516"
},
{
"cve": "CVE-2024-43204",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Apache HTTP Server versions prior to 2.4.64 are vulnerable to multiple security issues, including SSRF and HTTP response splitting, affecting mod_proxy and mod_headers configurations, with critical vulnerabilities also identified in Oracle HTTP Server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43204 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-43204.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-43204"
},
{
"cve": "CVE-2024-47252",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "other",
"text": "Improper Output Neutralization for Logs",
"title": "CWE-117"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.63 and earlier, including insufficient escaping in mod_ssl, allow untrusted clients to compromise log integrity and potentially lead to unauthorized access and denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47252 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47252.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-47252"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO allow for denial of service attacks, with CVSS scores ranging from 4.3 to 7.5, affecting various versions of these products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-56406",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Fusion Middleware and Perl, including heap buffer overflows and denial of service risks, affect various versions, with CVSS scores indicating significant severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56406 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56406.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-56406"
},
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Database Server, Oracle Fusion Middleware, and Eclipse JGit expose systems to unauthorized access, severe impacts, and information disclosure through various attack vectors.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4949 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4949.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-4949"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-12383",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12383 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12383.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-23048",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.35 to 2.4.63 and Oracle HTTP Server allow unauthorized access, data modification, and denial of service, particularly through TLS session resumption and other exploit vectors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23048 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-23048.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-23048"
},
{
"cve": "CVE-2025-26333",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26333 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-41248",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41248 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41248.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-43967",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Oracle Hyperion Financial Reporting (version 11.2.23) has a denial of service vulnerability (CVSS 7.5), while libheif library versions prior to 1.19.6 have a NULL pointer dereference issue in the ImageItem_Grid::get_decoder function.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43967 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43967.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-43967"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle WebLogic Server, Oracle GoldenGate, and Connect2id Nimbus JOSE + JWT allow unauthenticated attackers to exploit denial of service conditions, affecting various versions with CVSS scores of 5.8.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54571",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-54874",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54874 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54874"
},
{
"cve": "CVE-2025-54988",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft\u0027s OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54988"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2026-21962",
"notes": [
{
"category": "description",
"text": "A critical vulnerability in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise systems, affecting specific versions with a CVSS score of 10.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2026-21962"
}
]
}
NCSC-2026-0028
Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:10 - Updated: 2026-01-21 10:10
Multiple vulnerabilities across Oracle products, including Middleware, Business Intelligence, and SOA Suite, as well as XMLBeans, expose systems to unauthorized access and denial of service, with CVSS scores ranging from 7.3 to 9.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Business Intelligence | vers:unknown/* | | |
| vers:unknown/* Oracle / Business Intelligence Enterprise Edition | vers:unknown/* | | |
Recent updates and vulnerabilities in Apache MINA SSHD, Oracle products, and Red Hat JBoss Data Grid highlight significant security risks, including unsafe Java deserialization and unauthenticated access leading to potential system compromises.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Business Intelligence | vers:unknown/* | | |
| vers:unknown/* Oracle / Business Intelligence Enterprise Edition | vers:unknown/* | | |
Multiple vulnerabilities across Oracle Business Intelligence, Primavera Gateway, Oracle GoldenGate, and HPE Telco Service Orchestrator allow for denial of service, with CVSS scores ranging from 2.7 to 7.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Business Intelligence | vers:unknown/* | | |
| vers:unknown/* Oracle / Business Intelligence Enterprise Edition | vers:unknown/* | | |
Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Business Intelligence | vers:unknown/* | | |
| vers:unknown/* Oracle / Business Intelligence Enterprise Edition | vers:unknown/* | | |
Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Business Intelligence | vers:unknown/* | | |
| vers:unknown/* Oracle / Business Intelligence Enterprise Edition | vers:unknown/* | | |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Business Intelligence | vers:unknown/* | | |
| vers:unknown/* Oracle / Business Intelligence Enterprise Edition | vers:unknown/* | | |
Multiple vulnerabilities affect Oracle Communications Unified Assurance and Oracle Business Intelligence Enterprise Edition, allowing denial of service attacks, while older jackson-core versions are prone to StackoverflowErrors when parsing nested data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Business Intelligence | vers:unknown/* | | |
| vers:unknown/* Oracle / Business Intelligence Enterprise Edition | vers:unknown/* | | |
A vulnerability in Oracle Business Intelligence Enterprise Edition (versions 7.6.0.0.0 and 8.2.0.0.0) allows low-privileged attackers to compromise the system, with a CVSS score of 7.1 indicating significant impacts on confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Business Intelligence | vers:unknown/* | | |
| vers:unknown/* Oracle / Business Intelligence Enterprise Edition | vers:unknown/* | | |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Business Intelligence Enterprise Edition.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een Denial-of-Service te veroorzaken, of kunnen leiden tot ongeautoriseerde toegang en wijziging van kritieke gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Analytics",
"tracking": {
"current_release_date": "2026-01-21T10:10:15.985753Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0028",
"initial_release_date": "2026-01-21T10:10:15.985753Z",
"revision_history": [
{
"date": "2026-01-21T10:10:15.985753Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Business Intelligence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Business Intelligence Enterprise Edition"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23926",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle products, including Middleware, Business Intelligence, and SOA Suite, as well as XMLBeans, expose systems to unauthorized access and denial of service, with CVSS scores ranging from 7.3 to 9.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-23926 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-23926.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2021-23926"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "Recent updates and vulnerabilities in Apache MINA SSHD, Oracle products, and Red Hat JBoss Data Grid highlight significant security risks, including unsafe Java deserialization and unauthenticated access leading to potential system compromises.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-45047 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-45047.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2022-45047"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Business Intelligence, Primavera Gateway, Oracle GoldenGate, and HPE Telco Service Orchestrator allow for denial of service, with CVSS scores ranging from 2.7 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9230 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "Multiple vulnerabilities affect Oracle Communications Unified Assurance and Oracle Business Intelligence Enterprise Edition, allowing denial of service attacks, while older jackson-core versions are prone to StackoverflowErrors when parsing nested data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2026-21976",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Business Intelligence Enterprise Edition (versions 7.6.0.0.0 and 8.2.0.0.0) allows low-privileged attackers to compromise the system, with a CVSS score of 7.1 indicating significant impacts on confidentiality and integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-21976"
}
]
}
NCSC-2026-0126
Vulnerability from csaf_ncscnl - Published: 2026-04-22 12:56 - Updated: 2026-04-22 12:56
A critical unauthenticated remote code execution vulnerability in Oracle Advanced Inbound Telephony (versions 12.2.3-12.2.15) with a CVSS 3.1 score of 9.8 severely impacts confidentiality, integrity, and availability via HTTP.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
Multiple vulnerabilities in Apache ZooKeeper, including IPAuthenticationProvider spoofing and unauthorized access issues, affect various Oracle and Apache products, allowing authentication bypass, sensitive data exposure, and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
Multiple vulnerabilities in Apache Commons BeanUtils prior to version 1.11.0 and various Oracle and HPE products allow remote attackers to execute arbitrary code or take over systems via HTTP or Java enum declaredClass property access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
A vulnerability in Oracle E-Business Suite's ADPatch component (versions 12.2.3 to 12.2.15) allows a high-privileged attacker with HTTP network access to potentially compromise system confidentiality, integrity, and availability, with a CVSS score of 7.6.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
Multiple denial of service vulnerabilities affect Netty (up to 4.1.124.Final), HPE Telco Intelligent Assurance, and Oracle Communications Cloud Native products due to unbounded buffer allocation and malformed HTTP/2 frames, with CVSS scores up to 7.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
A vulnerability in Oracle HCM Common Architecture versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 7.5 for high confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
A vulnerability in Oracle Configurator within Oracle E-Business Suite versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to perform unauthorized read and write operations, with a CVSS 3.1 base score of 6.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
Multiple vulnerabilities in the Spring Framework affect various products including NetApp, Oracle Primavera Unifier, and Oracle Enterprise Command Center Framework, enabling unauthenticated attackers to access or compromise critical data, with severity ranging up to CVSS 5.9.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
A vulnerability in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications and cause partial denial of service, with a CVSS 3.1 base score of 5.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
Apache POI poi-ooxml versions before 5.4.0 contain a vulnerability involving improper input validation of OOXML files with duplicate ZIP entries, affecting multiple products including Oracle and NetApp, allowing unauthenticated attackers to modify data with a CVSS score of 5.3.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2) due to missing TLS hostname verification in the Socket Appender, Oracle Primavera Gateway (versions 21.12.0-21.12.16) with a TLS vulnerability, and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4) with potential data disclosure or modification issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
A vulnerability in Oracle Applications Framework versions 12.2.9 through 12.2.15 allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications, read access, and partial denial of service, rated CVSS 4.7.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
A vulnerability in Oracle E-Business Suite User Management (versions 12.2.7-12.2.15) allows a high-privileged attacker with HTTP network access to read and modify certain accessible data, rated CVSS 3.8.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| vers:unknown/* Oracle / Oracle Advanced Inbound Telephony | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Applications DBA | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Enterprise Command Center Framework | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Flow Manufacturing | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Global Order Promising | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle HCM Common Architecture | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Rapid Planning | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle Yard Management | vers:unknown/* | | |
| vers:unknown/* Oracle / Oracle iProcurement | vers:unknown/* | | |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle E-Business Suite.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende componenten van Oracle E-Business Suite, waaronder Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning en Oracle Flow Manufacturing. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde of hooggeprivilegieerde aanvallers, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.\n\n",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle E-Business Suite",
"tracking": {
"current_release_date": "2026-04-22T12:56:26.266249Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0126",
"initial_release_date": "2026-04-22T12:56:26.266249Z",
"revision_history": [
{
"date": "2026-04-22T12:56:26.266249Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Oracle Advanced Inbound Telephony"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Advanced Supply Chain Planning"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Applications DBA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Command Center Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Flow Manufacturing"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Global Order Promising"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle HCM Common Architecture"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Rapid Planning"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Yard Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle iProcurement"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-34275",
"notes": [
{
"category": "description",
"text": "A critical unauthenticated remote code execution vulnerability in Oracle Advanced Inbound Telephony (versions 12.2.3-12.2.15) with a CVSS 3.1 score of 9.8 severely impacts confidentiality, integrity, and availability via HTTP.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34275 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34275.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34275"
},
{
"cve": "CVE-2024-51504",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache ZooKeeper, including IPAuthenticationProvider spoofing and unauthorized access issues, affect various Oracle and Apache products, allowing authentication bypass, sensitive data exposure, and denial of service.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-51504 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2024-51504"
},
{
"cve": "CVE-2025-48734",
"notes": [
{
"category": "description",
"text": "Multiple vulnerabilities in Apache Commons BeanUtils prior to version 1.11.0 and various Oracle and HPE products allow remote attackers to execute arbitrary code or take over systems via HTTP or Java enum declaredClass property access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2026-22011",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle E-Business Suite\u0027s ADPatch component (versions 12.2.3 to 12.2.15) allows a high-privileged attacker with HTTP network access to potentially compromise system confidentiality, integrity, and availability, with a CVSS score of 7.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22011 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22011.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-22011"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "description",
"text": "Multiple denial of service vulnerabilities affect Netty (up to 4.1.124.Final), HPE Telco Intelligent Assurance, and Oracle Communications Cloud Native products due to unbounded buffer allocation and malformed HTTP/2 frames, with CVSS scores up to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2026-34297",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle HCM Common Architecture versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 7.5 for high confidentiality impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34297 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34297.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34297"
},
{
"cve": "CVE-2026-34274",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Configurator within Oracle E-Business Suite versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to perform unauthorized read and write operations, with a CVSS 3.1 base score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34274 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34274.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34274"
},
{
"cve": "CVE-2025-41242",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Multiple vulnerabilities in the Spring Framework affect various products including NetApp, Oracle Primavera Unifier, and Oracle Enterprise Command Center Framework, enabling unauthenticated attackers to access or compromise critical data, with severity ranging up to CVSS 5.9.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41242 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41242.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-41242"
},
{
"cve": "CVE-2026-34302",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications and cause partial denial of service, with a CVSS 3.1 base score of 5.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34302"
},
{
"cve": "CVE-2025-31672",
"notes": [
{
"category": "description",
"text": "Apache POI poi-ooxml versions before 5.4.0 contain a vulnerability involving improper input validation of OOXML files with duplicate ZIP entries, affecting multiple products including Oracle and NetApp, allowing unauthenticated attackers to modify data with a CVSS score of 5.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2) due to missing TLS hostname verification in the Socket Appender, Oracle Primavera Gateway (versions 21.12.0-21.12.16) with a TLS vulnerability, and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4) with potential data disclosure or modification issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-34298",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Applications Framework versions 12.2.9 through 12.2.15 allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications, read access, and partial denial of service, rated CVSS 4.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34298 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34298.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34298"
},
{
"cve": "CVE-2026-22014",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle E-Business Suite User Management (versions 12.2.7-12.2.15) allows a high-privileged attacker with HTTP network access to read and modify certain accessible data, rated CVSS 3.8.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22014 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22014.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-22014"
}
]
}
WID-SEC-W-2025-1139
Vulnerability from csaf_certbund - Published: 2025-05-25 22:00 - Updated: 2025-05-25 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM SPSS <8.5.0.0-IM-SCaDS-REPOSITORYSERVER-IF025 (IBM / SPSS) | | <8.5.0.0-IM-SCaDS-REPOSITORYSERVER-IF025 | |

{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM SPSS ist ein umfassendes Set von Daten- und prognostischen Analyse-Tools f\u00fcr Gesch\u00e4ftsbenutzer, Analysten und Statistik-Programmierer.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM SPSS ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1139 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1139.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1139 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1139"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-25",
"url": "https://www.ibm.com/support/pages/node/7234621"
}
],
"source_lang": "en-US",
"title": "IBM SPSS: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2025-05-25T22:00:00.000+00:00",
"generator": {
"date": "2025-05-26T09:35:58.871+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-1139",
"initial_release_date": "2025-05-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.5.0.0-IM-SCaDS-REPOSITORYSERVER-IF025",
"product": {
"name": "IBM SPSS \u003c8.5.0.0-IM-SCaDS-REPOSITORYSERVER-IF025",
"product_id": "T044143"
}
},
{
"category": "product_version",
"name": "8.5.0.0-IM-SCaDS-REPOSITORYSERVER-IF025",
"product": {
"name": "IBM SPSS 8.5.0.0-IM-SCaDS-REPOSITORYSERVER-IF025",
"product_id": "T044143-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:8.5.0.0-im-scads-repositoryserver-if025"
}
}
}
],
"category": "product_name",
"name": "SPSS"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31672",
"product_status": {
"known_affected": [
"T044143"
]
},
"release_date": "2025-05-25T22:00:00.000+00:00",
"title": "CVE-2025-31672"
}
]
}
WID-SEC-W-2025-1142
Vulnerability from csaf_certbund - Published: 2025-05-25 22:00 - Updated: 2025-05-25 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| NetApp ActiveIQ Unified Manager (NetApp) | cpe:/a:netapp:active_iq_unified_manager:- | — | |

{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ActiveIQ Unified Manager ist eine Managementl\u00f6sung f\u00fcr NetApp Storage Produkte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in NetApp ActiveIQ Unified Manager ausnutzen, um Informationen offenzulegen, um Dateien zu manipulieren, und um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1142 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1142.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1142 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1142"
},
{
"category": "external",
"summary": "NetApp Security Advisory vom 2025-05-25",
"url": "https://security.netapp.com/advisory/ntap-20250523-0004/"
}
],
"source_lang": "en-US",
"title": "NetApp ActiveIQ Unified Manager: Schwachstelle erm\u00f6glicht Offenlegung von Informationen, Manipulation von Dateien, und Denial of Service.",
"tracking": {
"current_release_date": "2025-05-25T22:00:00.000+00:00",
"generator": {
"date": "2025-05-26T10:55:54.184+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-1142",
"initial_release_date": "2025-05-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T044145",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31672",
"product_status": {
"known_affected": [
"T044145"
]
},
"release_date": "2025-05-25T22:00:00.000+00:00",
"title": "CVE-2025-31672"
}
]
}
WID-SEC-W-2025-1337
Vulnerability from csaf_certbund - Published: 2025-06-16 22:00 - Updated: 2025-06-16 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Tivoli Netcool/OMNIbus 8.1-8.1.0.37 (IBM / Tivoli Netcool/OMNIbus) | cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1_-_8.1.0.37 | 8.1-8.1.0.37 | |

{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Tivoli Netcool/OMNIbus ist eine Software zum Betriebsmanagement von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Tivoli Netcool/OMNIbus ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1337 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1337.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1337 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1337"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7236995 vom 2025-06-17",
"url": "https://www.ibm.com/support/pages/node/7236995"
}
],
"source_lang": "en-US",
"title": "IBM Tivoli Netcool/OMNIbus: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2025-06-16T22:00:00.000+00:00",
"generator": {
"date": "2025-06-17T11:05:43.962+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-1337",
"initial_release_date": "2025-06-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-06-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8.1-8.1.0.37",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus 8.1-8.1.0.37",
"product_id": "T044664",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1_-_8.1.0.37"
}
}
}
],
"category": "product_name",
"name": "Tivoli Netcool/OMNIbus"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31672",
"product_status": {
"known_affected": [
"T044664"
]
},
"release_date": "2025-06-16T22:00:00.000+00:00",
"title": "CVE-2025-31672"
}
]
}
WID-SEC-W-2025-1572
Vulnerability from csaf_certbund - Published: 2025-07-15 22:00 - Updated: 2025-07-15 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Fusion Middleware 14.1.2.0.0 (Oracle / Fusion Middleware) | cpe:/a:oracle:fusion_middleware:14.1.2.0.0 | 14.1.2.0.0 | |
| Oracle Fusion Middleware 12.2.1.4.0 (Oracle / Fusion Middleware) | cpe:/a:oracle:fusion_middleware:12.2.1.4.0 | 12.2.1.4.0 | |
| Oracle Fusion Middleware 8.5.7 (Oracle / Fusion Middleware) | cpe:/a:oracle:fusion_middleware:8.5.7 | 8.5.7 | |
| Oracle Fusion Middleware 14.1.1.0.0 (Oracle / Fusion Middleware) | cpe:/a:oracle:fusion_middleware:14.1.1.0.0 | 14.1.1.0.0 | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1572 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1572.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1572 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1572"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2025 - Appendix Oracle Fusion Middleware vom 2025-07-15",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixFMW"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-15T22:00:00.000+00:00",
"generator": {
"date": "2025-07-16T08:31:59.092+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1572",
"initial_release_date": "2025-07-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_version",
"name": "14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_version",
"name": "8.5.7",
"product": {
"name": "Oracle Fusion Middleware 8.5.7",
"product_id": "T034057",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
}
}
},
{
"category": "product_version",
"name": "14.1.2.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.2.0.0",
"product_id": "T040467",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.0.0"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45693",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2022-45693"
},
{
"cve": "CVE-2023-42917",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2023-42917"
},
{
"cve": "CVE-2024-12801",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-12801"
},
{
"cve": "CVE-2024-26308",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-38477",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-38477"
},
{
"cve": "CVE-2024-38819",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38828",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-38828"
},
{
"cve": "CVE-2024-47072",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-47072"
},
{
"cve": "CVE-2024-47554",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-52046",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-52046"
},
{
"cve": "CVE-2024-57699",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2024-6763",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-6763"
},
{
"cve": "CVE-2024-8176",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-8176"
},
{
"cve": "CVE-2024-8184",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-8184"
},
{
"cve": "CVE-2024-9143",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2025-0725",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-0725"
},
{
"cve": "CVE-2025-24928",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-24928"
},
{
"cve": "CVE-2025-27553",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-27553"
},
{
"cve": "CVE-2025-27817",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-29482",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-29482"
},
{
"cve": "CVE-2025-30753",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-30753"
},
{
"cve": "CVE-2025-30762",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-30762"
},
{
"cve": "CVE-2025-31651",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-31672",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-49146",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-49146"
},
{
"cve": "CVE-2025-50064",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50064"
},
{
"cve": "CVE-2025-50072",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50072"
},
{
"cve": "CVE-2025-50073",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50073"
}
]
}
WID-SEC-W-2025-2154
Vulnerability from csaf_certbund - Published: 2025-09-29 22:00 - Updated: 2025-09-29 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM InfoSphere Information Server <11.7.1.6 Service pack 1 (IBM / InfoSphere Information Server) | | <11.7.1.6 Service pack 1 | |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuf\u00fchren und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2154 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2154.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2154 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2154"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-09-29",
"url": "https://www.ibm.com/support/pages/node/7246093"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-09-29",
"url": "https://www.ibm.com/support/pages/node/7246094"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-09-29",
"url": "https://www.ibm.com/support/pages/node/7246100"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-09-29",
"url": "https://www.ibm.com/support/pages/node/7246163"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-09-29",
"url": "https://www.ibm.com/support/pages/node/7246166"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-09-29",
"url": "https://www.ibm.com/support/pages/node/7246170"
}
],
"source_lang": "en-US",
"title": "IBM InfoSphere Information Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-09-29T22:00:00.000+00:00",
"generator": {
"date": "2025-09-30T10:36:16.177+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2154",
"initial_release_date": "2025-09-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.7.1.6 Service pack 1",
"product": {
"name": "IBM InfoSphere Information Server \u003c11.7.1.6 Service pack 1",
"product_id": "T047250"
}
},
{
"category": "product_version",
"name": "11.7.1.6 Service pack 1",
"product": {
"name": "IBM InfoSphere Information Server 11.7.1.6 Service pack 1",
"product_id": "T047250-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7.1.6_service_pack_1"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-2245",
"product_status": {
"known_affected": [
"T047250"
]
},
"release_date": "2025-09-29T22:00:00.000+00:00",
"title": "CVE-2010-2245"
},
{
"cve": "CVE-2024-28168",
"product_status": {
"known_affected": [
"T047250"
]
},
"release_date": "2025-09-29T22:00:00.000+00:00",
"title": "CVE-2024-28168"
},
{
"cve": "CVE-2025-31672",
"product_status": {
"known_affected": [
"T047250"
]
},
"release_date": "2025-09-29T22:00:00.000+00:00",
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-36245",
"product_status": {
"known_affected": [
"T047250"
]
},
"release_date": "2025-09-29T22:00:00.000+00:00",
"title": "CVE-2025-36245"
},
{
"cve": "CVE-2025-50181",
"product_status": {
"known_affected": [
"T047250"
]
},
"release_date": "2025-09-29T22:00:00.000+00:00",
"title": "CVE-2025-50181"
},
{
"cve": "CVE-2025-50182",
"product_status": {
"known_affected": [
"T047250"
]
},
"release_date": "2025-09-29T22:00:00.000+00:00",
"title": "CVE-2025-50182"
},
{
"cve": "CVE-2025-53864",
"product_status": {
"known_affected": [
"T047250"
]
},
"release_date": "2025-09-29T22:00:00.000+00:00",
"title": "CVE-2025-53864"
}
]
}
WID-SEC-W-2025-2265
Vulnerability from csaf_certbund - Published: 2025-10-13 22:00 - Updated: 2025-10-13 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| SAP Software (SAP) | cpe:/a:sap:sap:- | — | |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen oder andere nicht n\u00e4her spezifizierte Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2265 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2265.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2265 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2265"
},
{
"category": "external",
"summary": "SAP Security Patch Day - October 2025 vom 2025-10-13",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html"
}
],
"source_lang": "en-US",
"title": "SAP Patchday Oktober 2025: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-13T22:00:00.000+00:00",
"generator": {
"date": "2025-10-14T09:19:49.103+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2265",
"initial_release_date": "2025-10-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T047578",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0059",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-0059"
},
{
"cve": "CVE-2025-31331",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-31331"
},
{
"cve": "CVE-2025-31672",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-42901",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-42901"
},
{
"cve": "CVE-2025-42902",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-42902"
},
{
"cve": "CVE-2025-42903",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-42903"
},
{
"cve": "CVE-2025-42906",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-42906"
},
{
"cve": "CVE-2025-42908",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-42908"
},
{
"cve": "CVE-2025-42909",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-42909"
},
{
"cve": "CVE-2025-42910",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-42910"
},
{
"cve": "CVE-2025-42937",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-42937"
},
{
"cve": "CVE-2025-42939",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-42939"
},
{
"cve": "CVE-2025-42944",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-42944"
},
{
"cve": "CVE-2025-48913",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-48913"
},
{
"cve": "CVE-2025-5115",
"product_status": {
"known_affected": [
"T047578"
]
},
"release_date": "2025-10-13T22:00:00.000+00:00",
"title": "CVE-2025-5115"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.