Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-48924 (GCVE-0-2025-48924)
Vulnerability from cvelistv5 – Published: 2025-07-11 14:56 – Updated: 2025-11-04 22:06
VLAI
EPSS
Title
Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs
Summary
Uncontrolled Recursion vulnerability in Apache Commons Lang.
This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a
StackOverflowError could cause an application to stop.
Users are recommended to upgrade to version 3.18.0, which fixes the issue.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Commons Lang |
Affected:
2.0 , ≤ 2.6
(maven)
|
|
| Apache Software Foundation | Apache Commons Lang |
Affected:
3.0 , < 3.18.0
(maven)
|
Credits
OSS-Fuzz Issue 42522972
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:36:59.432024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T16:37:02.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:06:40.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unknown",
"packageName": "commons-lang:commons-lang",
"product": "Apache Commons Lang",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.6",
"status": "affected",
"version": "2.0",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.commons:commons-lang3",
"product": "Apache Commons Lang",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.18.0",
"status": "affected",
"version": "3.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "OSS-Fuzz Issue 42522972"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUncontrolled Recursion vulnerability in Apache Commons Lang.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Commons Lang: Starting with\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecommons-lang:commons-lang\u0026nbsp;\u003c/span\u003e2.0 to 2.6, and, from org.apache.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecommons:commons-lang3 3.0 before\u0026nbsp;\u003c/span\u003e3.18.0.\u003c/p\u003e\u003cp\u003eThe methods ClassUtils.getClass(...) can throw\u0026nbsp;StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u0026nbsp;cause an application to stop.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Uncontrolled Recursion vulnerability in Apache Commons Lang.\n\nThis issue affects Apache Commons Lang: Starting with\u00a0commons-lang:commons-lang\u00a02.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before\u00a03.18.0.\n\nThe methods ClassUtils.getClass(...) can throw\u00a0StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u00a0cause an application to stop.\n\nUsers are recommended to upgrade to version 3.18.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T14:56:58.049Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48924",
"datePublished": "2025-07-11T14:56:58.049Z",
"dateReserved": "2025-05-28T15:06:51.476Z",
"dateUpdated": "2025-11-04T22:06:40.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-48924",
"date": "2026-06-05",
"epss": "0.00099",
"percentile": "0.27196"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-48924\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-07-11T15:15:24.347\",\"lastModified\":\"2025-11-04T22:16:17.823\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Uncontrolled Recursion vulnerability in Apache Commons Lang.\\n\\nThis issue affects Apache Commons Lang: Starting with\u00a0commons-lang:commons-lang\u00a02.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before\u00a03.18.0.\\n\\nThe methods ClassUtils.getClass(...) can throw\u00a0StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \\nStackOverflowError could\u00a0cause an application to stop.\\n\\nUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de recursi\u00f3n incontrolada en Apache Commons Lang. Este problema afecta a Apache Commons Lang: a partir de commons-lang:commons-lang 2.0 a 2.6, y desde org.apache.commons:commons-lang3 3.0 hasta 3.18.0. El m\u00e9todo ClassUtils.getClass(...) puede generar un error de StackOverflowError en entradas muy largas. Dado que las aplicaciones y librer\u00edas no suelen gestionar un error, un error de StackOverflowError podr\u00eda provocar la detenci\u00f3n de una aplicaci\u00f3n. Se recomienda actualizar a la versi\u00f3n 3.18.0, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_lang:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"2.6\",\"matchCriteriaId\":\"88B2D4D0-4FA9-443F-8195-E1C35122DC0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_lang:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0\",\"versionEndExcluding\":\"3.18.0\",\"matchCriteriaId\":\"71219CE6-DF6F-469F-A603-C28B43865D7A\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/11/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/11/1\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T22:06:40.023Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48924\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-14T16:36:59.432024Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-11T20:10:08.183Z\"}}], \"cna\": {\"title\": \"Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"OSS-Fuzz Issue 42522972\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Commons Lang\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0\", \"versionType\": \"maven\", \"lessThanOrEqual\": \"2.6\"}], \"packageName\": \"commons-lang:commons-lang\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Commons Lang\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0\", \"lessThan\": \"3.18.0\", \"versionType\": \"maven\"}], \"packageName\": \"org.apache.commons:commons-lang3\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Uncontrolled Recursion vulnerability in Apache Commons Lang.\\n\\nThis issue affects Apache Commons Lang: Starting with\\u00a0commons-lang:commons-lang\\u00a02.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before\\u00a03.18.0.\\n\\nThe methods ClassUtils.getClass(...) can throw\\u00a0StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \\nStackOverflowError could\\u00a0cause an application to stop.\\n\\nUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eUncontrolled Recursion vulnerability in Apache Commons Lang.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Commons Lang: Starting with\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ecommons-lang:commons-lang\u0026nbsp;\u003c/span\u003e2.0 to 2.6, and, from org.apache.\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ecommons:commons-lang3 3.0 before\u0026nbsp;\u003c/span\u003e3.18.0.\u003c/p\u003e\u003cp\u003eThe methods ClassUtils.getClass(...) can throw\u0026nbsp;StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \\nStackOverflowError could\u0026nbsp;cause an application to stop.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674 Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-07-11T14:56:58.049Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-48924\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T22:06:40.023Z\", \"dateReserved\": \"2025-05-28T15:06:51.476Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-07-11T14:56:58.049Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-48924
Vulnerability from fkie_nvd - Published: 2025-07-11 15:15 - Updated: 2025-11-04 22:16
Severity
Summary
Uncontrolled Recursion vulnerability in Apache Commons Lang.
This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a
StackOverflowError could cause an application to stop.
Users are recommended to upgrade to version 3.18.0, which fixes the issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | commons_lang | * | |
| apache | commons_lang | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:commons_lang:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88B2D4D0-4FA9-443F-8195-E1C35122DC0B",
"versionEndExcluding": "2.6",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:commons_lang:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71219CE6-DF6F-469F-A603-C28B43865D7A",
"versionEndExcluding": "3.18.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Recursion vulnerability in Apache Commons Lang.\n\nThis issue affects Apache Commons Lang: Starting with\u00a0commons-lang:commons-lang\u00a02.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before\u00a03.18.0.\n\nThe methods ClassUtils.getClass(...) can throw\u00a0StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u00a0cause an application to stop.\n\nUsers are recommended to upgrade to version 3.18.0, which fixes the issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de recursi\u00f3n incontrolada en Apache Commons Lang. Este problema afecta a Apache Commons Lang: a partir de commons-lang:commons-lang 2.0 a 2.6, y desde org.apache.commons:commons-lang3 3.0 hasta 3.18.0. El m\u00e9todo ClassUtils.getClass(...) puede generar un error de StackOverflowError en entradas muy largas. Dado que las aplicaciones y librer\u00edas no suelen gestionar un error, un error de StackOverflowError podr\u00eda provocar la detenci\u00f3n de una aplicaci\u00f3n. Se recomienda actualizar a la versi\u00f3n 3.18.0, que soluciona el problema."
}
],
"id": "CVE-2025-48924",
"lastModified": "2025-11-04T22:16:17.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-11T15:15:24.347",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
GHSA-J288-Q9X7-2F5V
Vulnerability from github – Published: 2025-07-11 15:31 – Updated: 2025-11-05 20:30
VLAI
Summary
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs
Details
Uncontrolled Recursion vulnerability in Apache Commons Lang.
This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.
Users are recommended to upgrade to version 3.18.0, which fixes the issue.
Severity
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.commons:commons-lang3"
},
"ranges": [
{
"events": [
{
"introduced": "3.0"
},
{
"fixed": "3.18.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "commons-lang:commons-lang"
},
"ranges": [
{
"events": [
{
"introduced": "2.0"
},
{
"last_affected": "2.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-48924"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-12T00:48:03Z",
"nvd_published_at": "2025-07-11T15:15:24Z",
"severity": "MODERATE"
},
"details": "Uncontrolled Recursion vulnerability in Apache Commons Lang.\n\nThis issue affects Apache Commons Lang: Starting with\u00a0commons-lang:commons-lang\u00a02.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before\u00a03.18.0.\n\nThe methods ClassUtils.getClass(...) can throw\u00a0StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could\u00a0cause an application to stop.\n\nUsers are recommended to upgrade to version 3.18.0, which fixes the issue.",
"id": "GHSA-j288-q9x7-2f5v",
"modified": "2025-11-05T20:30:31Z",
"published": "2025-07-11T15:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://github.com/apache/commons-lang/commit/b424803abdb2bec818e4fbcb251ce031c22aca53"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/commons-lang"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs"
}
MSRC_CVE-2025-48924
Vulnerability from csaf_microsoft - Published: 2025-07-02 00:00 - Updated: 2026-02-18 01:12Summary
Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 20181-17086 | — | ||
| Unresolved product id: 20187-17084 | — | ||
| Unresolved product id: 20391-17086 | — |
Known affected
3 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-2 | — | ||
| Unresolved product id: 17084-5 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-48924.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs",
"tracking": {
"current_release_date": "2026-02-18T01:12:57.000Z",
"generator": {
"date": "2026-02-18T11:15:53.305Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-48924",
"initial_release_date": "2025-07-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-03T22:42:41.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-18T01:12:57.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 apache-commons-lang3 3.8.1-5",
"product": {
"name": "\u003ccbl2 apache-commons-lang3 3.8.1-5",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "cbl2 apache-commons-lang3 3.8.1-5",
"product": {
"name": "cbl2 apache-commons-lang3 3.8.1-5",
"product_id": "20181"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 apache-commons-lang3 3.8.1-6",
"product": {
"name": "\u003cazl3 apache-commons-lang3 3.8.1-6",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 apache-commons-lang3 3.8.1-6",
"product": {
"name": "azl3 apache-commons-lang3 3.8.1-6",
"product_id": "20187"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 apache-commons-lang3 3.8.1-6",
"product": {
"name": "\u003ccbl2 apache-commons-lang3 3.8.1-6",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 apache-commons-lang3 3.8.1-6",
"product": {
"name": "cbl2 apache-commons-lang3 3.8.1-6",
"product_id": "20391"
}
}
],
"category": "product_name",
"name": "apache-commons-lang3"
},
{
"category": "product_name",
"name": "cbl2 javapackages-bootstrap 1.5.0-7",
"product": {
"name": "cbl2 javapackages-bootstrap 1.5.0-7",
"product_id": "2"
}
},
{
"category": "product_name",
"name": "azl3 javapackages-bootstrap 1.14.0-3",
"product": {
"name": "azl3 javapackages-bootstrap 1.14.0-3",
"product_id": "5"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 apache-commons-lang3 3.8.1-5 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 apache-commons-lang3 3.8.1-5 as a component of CBL Mariner 2.0",
"product_id": "20181-17086"
},
"product_reference": "20181",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 apache-commons-lang3 3.8.1-6 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 apache-commons-lang3 3.8.1-6 as a component of Azure Linux 3.0",
"product_id": "20187-17084"
},
"product_reference": "20187",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 javapackages-bootstrap 1.5.0-7 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 javapackages-bootstrap 1.14.0-3 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 apache-commons-lang3 3.8.1-6 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 apache-commons-lang3 3.8.1-6 as a component of CBL Mariner 2.0",
"product_id": "20391-17086"
},
"product_reference": "20391",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17086-2",
"17084-5"
]
}
],
"notes": [
{
"category": "general",
"text": "apache",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20181-17086",
"20187-17084",
"20391-17086"
],
"known_affected": [
"17086-4",
"17084-3",
"17086-1"
],
"known_not_affected": [
"17086-2",
"17084-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-48924.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T22:42:41.000Z",
"details": "3.8.1-6:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-4",
"17084-3",
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"17086-4",
"17084-3",
"17086-1"
]
}
],
"title": "Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs"
}
]
}
NCSC-2025-0329
Vulnerability from csaf_ncscnl - Published: 2025-10-23 07:20 - Updated: 2025-10-23 07:20Summary
Kwetsbaarheden verholpen in Oracle Commerce
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in verschillende subcomponenten van Oracle Commerce producten, waaronder Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, en Oracle Application Testing Suite.
Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om gedeeltelijke of volledige Denial of Service (DoS) te veroorzaken, met CVSS-scores variërend van 2.7 tot 7.5. Dit kan leiden tot systeemuitval en ongeoorloofde toegang tot gegevens. Aanvallers kunnen deze kwetsbaarheden misbruiken door specifieke verzoeken te sturen die de systemen overbelasten of door gebruik te maken van onbetrouwbare invoer. De kwetsbaarheden zijn aangetroffen in verschillende versies van de betrokken producten, wat de impact vergroot.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-674: Uncontrolled Recursion
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-937: CWE-937
CWE-1035: CWE-1035
Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
CVE-2024-38820 identifies a vulnerability in the Spring Framework affecting multiple versions, while a separate issue in the Oracle Commerce Platform's Dynamo Application Framework allows low-privileged attackers to manipulate data.
CWE-20 - Improper Input ValidationAffected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebCenter Forms Recognition and Apache CXF expose systems to data compromise and denial of service risks, with CVSS scores indicating significant impacts on confidentiality, integrity, and availability.
5.6 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.
6.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Recent updates for Apache Tomcat versions 9, 10, and 11 address the 'MadeYouReset' DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Recent updates to Netty address critical vulnerabilities, including the 'MadeYouReset' DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
References
9 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende subcomponenten van Oracle Commerce producten, waaronder Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, en Oracle Application Testing Suite.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om gedeeltelijke of volledige Denial of Service (DoS) te veroorzaken, met CVSS-scores vari\u00ebrend van 2.7 tot 7.5. Dit kan leiden tot systeemuitval en ongeoorloofde toegang tot gegevens. Aanvallers kunnen deze kwetsbaarheden misbruiken door specifieke verzoeken te sturen die de systemen overbelasten of door gebruik te maken van onbetrouwbare invoer. De kwetsbaarheden zijn aangetroffen in verschillende versies van de betrokken producten, wat de impact vergroot.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpuoct2025csaf.json"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Commerce",
"tracking": {
"current_release_date": "2025-10-23T07:20:51.213314Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0329",
"initial_release_date": "2025-10-23T07:20:51.213314Z",
"revision_history": [
{
"date": "2025-10-23T07:20:51.213314Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Commerce"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Guided Search"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Platform"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-22233",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "CVE-2024-38820 identifies a vulnerability in the Spring Framework affecting multiple versions, while a separate issue in the Oracle Commerce Platform\u0027s Dynamo Application Framework allows low-privileged attackers to manipulate data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22233 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-22233.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-22233"
},
{
"cve": "CVE-2025-48795",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebCenter Forms Recognition and Apache CXF expose systems to data compromise and denial of service risks, with CVSS scores indicating significant impacts on confidentiality, integrity, and availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48795"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-55163"
}
]
}
NCSC-2025-0330
Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:20 - Updated: 2025-10-23 13:20Summary
Kwetsbaarheden verholpen in Oracle Communications producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.
Interpretaties: De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden variëren van 3.1 tot 9.8, wat wijst op een breed scala aan risico's, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23: Relative Path Traversal
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121: Stack-based Buffer Overflow
CWE-122: Heap-based Buffer Overflow
CWE-124: Buffer Underwrite ('Buffer Underflow')
CWE-125: Out-of-bounds Read
CWE-129: Improper Validation of Array Index
CWE-130: Improper Handling of Length Parameter Inconsistency
CWE-147: Improper Neutralization of Input Terminators
CWE-190: Integer Overflow or Wraparound
CWE-197: Numeric Truncation Error
CWE-241: Improper Handling of Unexpected Data Type
CWE-252: Unchecked Return Value
CWE-253: Incorrect Check of Function Return Value
CWE-284: Improper Access Control
CWE-287: Improper Authentication
CWE-290: Authentication Bypass by Spoofing
CWE-328: Use of Weak Hash
CWE-385: Covert Timing Channel
CWE-390: Detection of Error Condition Without Action
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-407: Inefficient Algorithmic Complexity
CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)
CWE-415: Double Free
CWE-416: Use After Free
CWE-426: Untrusted Search Path
CWE-440: Expected Behavior Violation
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-476: NULL Pointer Dereference
CWE-674: Uncontrolled Recursion
CWE-697: Incorrect Comparison
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-789: Memory Allocation with Excessive Size Value
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CWE-918: Server-Side Request Forgery (SSRF)
CWE-937: CWE-937
CWE-1035: CWE-1035
CWE-1284: Improper Validation of Specified Quantity in Input
CWE-1333: Inefficient Regular Expression Complexity
Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.
6.4 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.
8.2 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.
4.4 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.
5.3 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.
9.1 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.
9.1 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.
5.9 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.
6.5 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.
9.4 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.
8.4 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The 'MadeYouReset' vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.
5.4 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl's WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.
CWE-1333 - Inefficient Regular Expression ComplexityAffected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.
9.8 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.
CWE-241 - Improper Handling of Unexpected Data TypeAffected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.
7.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.
7.0 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.
7.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications' Cloud Native Environment has a non-exploitable Security-in-Depth issue.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.
5.3 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.
8.1 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.
7.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.
4.3 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS's certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle's flaw.
8.2 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.
8.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.
6.5 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates for Apache Tomcat versions 9, 10, and 11 address the 'MadeYouReset' DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.
9.1 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.
8.6 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.
5.8 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.
6.5 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Netty address critical vulnerabilities, including the 'MadeYouReset' DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.
8.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server's Perl component but is not exploitable.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
References
51 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden vari\u00ebren van 3.1 tot 9.8, wat wijst op een breed scala aan risico\u0027s, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2025-10-23T13:20:15.363063Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0330",
"initial_release_date": "2025-10-23T13:20:15.363063Z",
"revision_history": [
{
"date": "2025-10-23T13:20:15.363063Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications Cloud Native Core Console"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Management Cloud Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications Calendar Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Automated Test Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Binding Support Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Certificate Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core DBTier"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Repository Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Slice Selection Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Policy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Service Communication Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Unified Data Repository"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Converged Charging System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergent Charging Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Oracle Communications Diameter Signaling Router"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE Element Management System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE LNP Application Processor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "Oracle Communications LSMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "Oracle Communications Messaging Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Charging and Control"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "Oracle Communications Offline Mediation Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "Oracle Communications Service Catalog and Design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Operations Monitor"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26555",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26555 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-26555.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2023-26555"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-8006",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8006 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-8006"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-35164",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35164 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-35164.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-35164"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37371 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-37371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-50609",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50609.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-50609"
},
{
"cve": "CVE-2024-51504",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "description",
"text": "Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-51504 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-51504"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-1948"
},
{
"cve": "CVE-2025-3576",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "description",
"text": "Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-3576 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3576.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-3576"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4373 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4373.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4802",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "description",
"text": "Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4802 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4802.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4802"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5399",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl\u0027s WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5399 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5399.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5399"
},
{
"cve": "CVE-2025-5889",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5889 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5889.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-7339",
"cwe": {
"id": "CWE-241",
"name": "Improper Handling of Unexpected Data Type"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7339 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7339.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7339"
},
{
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7425 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7425"
},
{
"cve": "CVE-2025-7962",
"cwe": {
"id": "CWE-147",
"name": "Improper Neutralization of Input Terminators"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7962"
},
{
"cve": "CVE-2025-8058",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8058 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8058.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8058"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25724 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25724.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-25724"
},
{
"cve": "CVE-2025-27210",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications\u0027 Cloud Native Environment has a non-exploitable Security-in-Depth issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27210 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27210"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-27553",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27553 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27553"
},
{
"cve": "CVE-2025-27587",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "description",
"text": "OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27587 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27587.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27587"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32415 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-32728",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32728 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32728.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32728"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS\u0027s certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle\u0027s flaw.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2025-53547",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53547 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53547.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-53643",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53643 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53643.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53643"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54090",
"cwe": {
"id": "CWE-253",
"name": "Incorrect Check of Function Return Value"
},
"notes": [
{
"category": "other",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54090 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54090.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-54090"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-57803",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-57803 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57803.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-57803"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-59375"
}
]
}
NCSC-2025-0333
Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:35 - Updated: 2025-10-23 13:35Summary
Kwetsbaarheden verholpen in Oracle Financial Services
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Financial Services componenten.
Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om ongeautoriseerde toegang te krijgen tot gevoelige gegevens via HTTP. Dit kan leiden tot ongeoorloofde toegang en wijzigingen van kritieke data, met een CVSS-score van 9.8 die de significante impact op de vertrouwelijkheid benadrukt. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot denial-of-service (DoS) aanvallen, wat de beschikbaarheid van het systeem in gevaar kan brengen.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-23: Relative Path Traversal
CWE-125: Out-of-bounds Read
CWE-197: Numeric Truncation Error
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-284: Improper Access Control
CWE-285: Improper Authorization
CWE-306: Missing Authentication for Critical Function
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-611: Improper Restriction of XML External Entity Reference
CWE-674: Uncontrolled Recursion
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-862: Missing Authorization
CWE-863: Incorrect Authorization
CWE-918: Server-Side Request Forgery (SSRF)
CWE-937: CWE-937
CWE-1035: CWE-1035
CWE-1284: Improper Validation of Specified Quantity in Input
Multiple vulnerabilities in Oracle Financial Services applications and Apache XmlGraphics Commons allow unauthorized access to critical data and server-side request forgery, all with a CVSS score of 8.2.
8.2 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
Recent updates address multiple security vulnerabilities across various products, including XML External Entity (XXE) issues in Apache XML Graphics FOP and Oracle applications, allowing unauthorized access to sensitive data.
7.5 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
The 'MadeYouReset' vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.
7.5 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.
9.8 (Critical)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.
7.5 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.
8.1 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.
6.3 (Medium)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.
7.8 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
Recent vulnerabilities in Oracle Financial Services and the Spring Framework expose critical data and authorization flaws, affecting multiple versions and products with significant security implications.
7.5 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.
6.5 (Medium)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.
7.5 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
Recent updates for Apache Tomcat versions 9, 10, and 11 address the 'MadeYouReset' DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.
7.5 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
A vulnerability in Oracle Financial Services Revenue Management and Billing (versions 2.9.0.0.0-7.2.0.0.0) allows high-privileged attackers to gain unauthorized access to critical data via HTTP, with a CVSS 3.1 Base Score of 4.9.
4.9 (Medium)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
A vulnerability in Oracle Financial Services Revenue Management and Billing (versions 2.9.0.0.0-7.2.0.0.0) allows low privileged attackers with HTTP access to potentially gain unauthorized access to critical data, with a CVSS score of 6.5.
6.5 (Medium)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications.
5.4 (Medium)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
A vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows low privileged attackers to access critical data, affecting versions 8.0.7.9, 8.0.8.7, and 8.1.2.5, with a CVSS score of 6.5.
6.5 (Medium)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows unauthenticated attackers to access critical data via HTTP, with a CVSS score of 8.6.
8.6 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
A critical vulnerability in Oracle Financial Services Analytical Applications Infrastructure (versions 8.0.7.9, 8.0.8.7, and 8.1.2.5) allows unauthenticated attackers to compromise the system via HTTP, with a CVSS score of 9.8.
9.8 (Critical)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
Recent updates to Netty address critical vulnerabilities, including the 'MadeYouReset' DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.
7.5 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server's Perl component but is not exploitable.
7.5 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows low-privileged attackers to exploit it via HTTP, posing significant risks to data confidentiality and integrity.
8.1 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
A vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows unauthenticated attackers to execute denial of service attacks on specific versions, rated with a CVSS score of 7.5.
7.5 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Financial Services Revenue Management And Billing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Origination
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Analytical Applications Infrastructure
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Behavior Detection Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
|
vers:unknown/* |
References
23 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Financial Services componenten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om ongeautoriseerde toegang te krijgen tot gevoelige gegevens via HTTP. Dit kan leiden tot ongeoorloofde toegang en wijzigingen van kritieke data, met een CVSS-score van 9.8 die de significante impact op de vertrouwelijkheid benadrukt. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot denial-of-service (DoS) aanvallen, wat de beschikbaarheid van het systeem in gevaar kan brengen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Financial Services",
"tracking": {
"current_release_date": "2025-10-23T13:35:32.902231Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0333",
"initial_release_date": "2025-10-23T13:35:32.902231Z",
"revision_history": [
{
"date": "2025-10-23T13:35:32.902231Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Financial Services Revenue Management And Billing"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Banking Branch"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Banking Corporate Lending Process Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Banking Origination"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Analytical Applications Infrastructure"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Behavior Detection Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Compliance Studio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Model Management and Governance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11988",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Financial Services applications and Apache XmlGraphics Commons allow unauthorized access to critical data and server-side request forgery, all with a CVSS score of 8.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-11988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-11988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2020-11988"
},
{
"cve": "CVE-2024-28168",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "description",
"text": "Recent updates address multiple security vulnerabilities across various products, including XML External Entity (XXE) issues in Apache XML Graphics FOP and Oracle applications, allowing unauthorized access to sensitive data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28168 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28168.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2024-28168"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-27553",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27553 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-27553"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32415 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Financial Services and the Spring Framework expose critical data and authorization flaws, affecting multiple versions and products with significant security implications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-50074",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Revenue Management and Billing (versions 2.9.0.0.0-7.2.0.0.0) allows high-privileged attackers to gain unauthorized access to critical data via HTTP, with a CVSS 3.1 Base Score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50074 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50074.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-50074"
},
{
"cve": "CVE-2025-50075",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Revenue Management and Billing (versions 2.9.0.0.0-7.2.0.0.0) allows low privileged attackers with HTTP access to potentially gain unauthorized access to critical data, with a CVSS score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50075 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50075.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-50075"
},
{
"cve": "CVE-2025-53034",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53034 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53034.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-53034"
},
{
"cve": "CVE-2025-53035",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows low privileged attackers to access critical data, affecting versions 8.0.7.9, 8.0.8.7, and 8.1.2.5, with a CVSS score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53035 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53035.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-53035"
},
{
"cve": "CVE-2025-53036",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows unauthenticated attackers to access critical data via HTTP, with a CVSS score of 8.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53036 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53036.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-53036"
},
{
"cve": "CVE-2025-53037",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A critical vulnerability in Oracle Financial Services Analytical Applications Infrastructure (versions 8.0.7.9, 8.0.8.7, and 8.1.2.5) allows unauthenticated attackers to compromise the system via HTTP, with a CVSS score of 9.8.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53037 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53037.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-53037"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-61751",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows low-privileged attackers to exploit it via HTTP, posing significant risks to data confidentiality and integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61751 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61751.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-61751"
},
{
"cve": "CVE-2025-61756",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows unauthenticated attackers to execute denial of service attacks on specific versions, rated with a CVSS score of 7.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61756 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61756.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-61756"
}
]
}
NCSC-2025-0334
Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:42 - Updated: 2025-11-21 16:03Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Fusion Middleware componenten.
Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot kritieke gegevens via HTTP, wat kan leiden tot een gedeeltelijke Denial-of-Service. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores van 7.5, wat wijst op aanzienlijke impact op de beschikbaarheid. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot ongeautoriseerde toegang tot specifieke gegevens, met een CVSS-score van 5.3, wat duidt op een gematigd niveau van vertrouwelijkheidsimpact.
Het NCSC ontvangt berichten dat er media-aandacht is voor de kwetsbaarheid met kenmerk CVE-2025-61757. Betrouwbare partners nemen scanverkeer waar, waarin actief gezocht wordt naar mogelijke uitvoer van willekeurige code.
De kwetsbaarheid bevindt zich in **Oracle Identity Manager** en betreft een issue waarbij authenticatie kan worden omzeild omdat bestanden eindigend op de extensie `.wadl` vrijgesteld zijn van authenticatie. Zomaar `.wadl` toevoegen als extensie bij een willekeurige URL zal geen effect hebben, omdat dan een niet-bestaand bestand wordt benaderd. Echter, onderzoekers hebben ontdekt dat het toevoegen van een `;` aan de extensie in theorie code-executie mogelijk kan maken.
In logging kan worden gezocht naar `;.wadl` als extensie. Dit duidt in elk geval op scanverkeer. Nadere analyse van de logging moet uitwijzen of uitvoer van code heeft plaatsgevonden. Op dit moment is (nog) geen indicatie ontvangen dat uitvoer van willekeurige code daadwerkelijk ergens heeft plaatsgevonden. Het NCSC kan daarom (nog) geen IoC's delen om de eigen logging te analyseren.
Het NCSC verwacht vanwege de media-aandacht en de publicatie van de onderzoekers echter wel op korte termijn een toename van scanverkeer en mogelijk werkende Proof-of-Concept-code (PoC) en adviseert de updates zo spoedig mogelijk in te zetten, indien dit (nog) niet is gebeurd.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-122: Heap-based Buffer Overflow
CWE-190: Integer Overflow or Wraparound
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-284: Improper Access Control
CWE-306: Missing Authentication for Critical Function
CWE-354: Improper Validation of Integrity Check Value
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-674: Uncontrolled Recursion
CWE-680: Integer Overflow to Buffer Overflow
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-789: Memory Allocation with Excessive Size Value
CWE-918: Server-Side Request Forgery (SSRF)
CWE-937: CWE-937
CWE-1035: CWE-1035
Multiple vulnerabilities have been identified across various software products, including JUnit4, Oracle WebLogic Server, and TensorFlow, allowing unauthorized access and information disclosure, with several updates addressing these issues.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Multiple vulnerabilities across Oracle, Siemens, IBM, zlib, and NetApp products pose severe risks, including remote code execution, denial of service, and data manipulation, with CVSS scores indicating high impact potential.
9.8 (Critical)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Multiple vulnerabilities in Oracle Retail Applications, Oracle Middleware, and Apache MINA SSHD could be exploited by remote attackers, affecting data integrity and security features with varying CVSS scores.
5.9 (Medium)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Recent vulnerabilities in Oracle Fusion Middleware and Dell BSAFE Micro Edition Suite could allow unauthenticated attackers to cause denial of service, with CVSS scores indicating significant severity.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Bouncy Castle for Java has a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and HPE Telco Service Activator also exhibit various security vulnerabilities, including denial of service and SQL injection risks.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access and exploitation, including SSRF and arbitrary file reads, with CVSS scores of 7.5 for Oracle products.
8.1 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.
8.8 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebCenter Forms Recognition, Apache CXF, and HPE Telco Service Activator expose systems to data compromise, denial of service, and resource management issues, with varying severity levels.
5.6 (Medium)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.
6.5 (Medium)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload could lead to denial of service (DoS) attacks, with specific versions identified as vulnerable.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Recent vulnerabilities have been identified in Oracle Outside In Technology versions 8.5.7 and 8.5.8, and in 7-Zip prior to version 25.0.0, both allowing denial of service attacks.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
Recent updates to Netty address critical vulnerabilities, including the 'MadeYouReset' DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
A vulnerability in Oracle WebLogic Server versions 14.1.1.0.0 and 14.1.2.0.0 allows unauthenticated attackers to exploit HTTP/2 access, potentially leading to denial of service with a CVSS score of 7.5.
7.5 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
A critical vulnerability in Oracle Fusion Middleware's Identity Manager (versions 12.2.1.4.0 and 14.1.2.1.0) allows unauthenticated HTTP attackers to potentially take over the system, with a CVSS score of 9.8.
9.8 (Critical)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
A vulnerability in Oracle WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 allows unauthenticated attackers to access certain data via HTTP, with a CVSS 3.1 Base Score of 5.3 indicating confidentiality impacts.
5.3 (Medium)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Data Quality
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Fusion Middleware MapViewer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle JDeveloper
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Middleware Common Libraries and Tools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Forms Recognition
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Portal
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Outside In Technology
|
vers:unknown/* |
References
17 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Fusion Middleware componenten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot kritieke gegevens via HTTP, wat kan leiden tot een gedeeltelijke Denial-of-Service. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores van 7.5, wat wijst op aanzienlijke impact op de beschikbaarheid. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot ongeautoriseerde toegang tot specifieke gegevens, met een CVSS-score van 5.3, wat duidt op een gematigd niveau van vertrouwelijkheidsimpact.\n\nHet NCSC ontvangt berichten dat er media-aandacht is voor de kwetsbaarheid met kenmerk CVE-2025-61757. Betrouwbare partners nemen scanverkeer waar, waarin actief gezocht wordt naar mogelijke uitvoer van willekeurige code.\nDe kwetsbaarheid bevindt zich in **Oracle Identity Manager** en betreft een issue waarbij authenticatie kan worden omzeild omdat bestanden eindigend op de extensie `.wadl` vrijgesteld zijn van authenticatie. Zomaar `.wadl` toevoegen als extensie bij een willekeurige URL zal geen effect hebben, omdat dan een niet-bestaand bestand wordt benaderd. Echter, onderzoekers hebben ontdekt dat het toevoegen van een `;` aan de extensie in theorie code-executie mogelijk kan maken.\n\nIn logging kan worden gezocht naar `;.wadl` als extensie. Dit duidt in elk geval op scanverkeer. Nadere analyse van de logging moet uitwijzen of uitvoer van code heeft plaatsgevonden. Op dit moment is (nog) geen indicatie ontvangen dat uitvoer van willekeurige code daadwerkelijk ergens heeft plaatsgevonden. Het NCSC kan daarom (nog) geen IoC\u0027s delen om de eigen logging te analyseren.\n\nHet NCSC verwacht vanwege de media-aandacht en de publicatie van de onderzoekers echter wel op korte termijn een toename van scanverkeer en mogelijk werkende Proof-of-Concept-code (PoC) en adviseert de updates zo spoedig mogelijk in te zetten, indien dit (nog) niet is gebeurd.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Integer Overflow to Buffer Overflow",
"title": "CWE-680"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
"tracking": {
"current_release_date": "2025-11-21T16:03:18.991100Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0334",
"initial_release_date": "2025-10-23T13:42:11.992643Z",
"revision_history": [
{
"date": "2025-10-23T13:42:11.992643Z",
"number": "1.0.0",
"summary": "Initiele versie"
},
{
"date": "2025-11-21T16:03:18.991100Z",
"number": "1.0.1",
"summary": "Er is media-aandacht voor de kwetsbaarheid met kenmerk CVE-2025-61757. Verhoging in scanverkeer en potentieel misbruik wordt verwacht."
}
],
"status": "final",
"version": "1.0.1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Identity Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Identity Manager (Application)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Data Quality"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Fusion Middleware MapViewer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Global Lifecycle Management NextGen OUI Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle JDeveloper"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Middleware Common Libraries and Tools"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle SOA Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Security Service"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Forms Recognition"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Portal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle WebLogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Outside In Technology"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15250",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various software products, including JUnit4, Oracle WebLogic Server, and TensorFlow, allowing unauthorized access and information disclosure, with several updates addressing these issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-15250 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-15250.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2020-15250"
},
{
"cve": "CVE-2023-45853",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle, Siemens, IBM, zlib, and NetApp products pose severe risks, including remote code execution, denial of service, and data manipulation, with CVSS scores indicating high impact potential.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45853 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-45853.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2023-45853"
},
{
"cve": "CVE-2024-41909",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Retail Applications, Oracle Middleware, and Apache MINA SSHD could be exploited by remote attackers, affecting data integrity and security features with varying CVSS scores.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41909 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-41909.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2024-41909"
},
{
"cve": "CVE-2024-48014",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Fusion Middleware and Dell BSAFE Micro Edition Suite could allow unauthenticated attackers to cause denial of service, with CVSS scores indicating significant severity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-48014 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-48014.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2024-48014"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Bouncy Castle for Java has a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and HPE Telco Service Activator also exhibit various security vulnerabilities, including denial of service and SQL injection risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access and exploitation, including SSRF and arbitrary file reads, with CVSS scores of 7.5 for Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48795",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebCenter Forms Recognition, Apache CXF, and HPE Telco Service Activator expose systems to data compromise, denial of service, and resource management issues, with varying severity levels.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-48795"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload could lead to denial of service (DoS) attacks, with specific versions identified as vulnerable.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-53816",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities have been identified in Oracle Outside In Technology versions 8.5.7 and 8.5.8, and in 7-Zip prior to version 25.0.0, both allowing denial of service attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53816 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53816.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-53816"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-61752",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A vulnerability in Oracle WebLogic Server versions 14.1.1.0.0 and 14.1.2.0.0 allows unauthenticated attackers to exploit HTTP/2 access, potentially leading to denial of service with a CVSS score of 7.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61752 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61752.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-61752"
},
{
"cve": "CVE-2025-61757",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A critical vulnerability in Oracle Fusion Middleware\u0027s Identity Manager (versions 12.2.1.4.0 and 14.1.2.1.0) allows unauthenticated HTTP attackers to potentially take over the system, with a CVSS score of 9.8.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61757 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61757.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-61757"
},
{
"cve": "CVE-2025-61764",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Oracle WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 allows unauthenticated attackers to access certain data via HTTP, with a CVSS 3.1 Base Score of 5.3 indicating confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61764 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61764.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-61764"
}
]
}
NCSC-2025-0340
Vulnerability from csaf_ncscnl - Published: 2025-10-23 14:13 - Updated: 2025-10-23 14:13Summary
Kwetsbaarheden verholpen in Oracle PeopleSoft
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft (Specifiek voor versies 8.60, 8.61, 8.62 en 9.2).
Interpretaties: De kwetsbaarheden in Oracle PeopleSoft stellen aanvallers in staat om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en kunnen leiden tot gegevensmanipulatie. Dit omvat kwetsbaarheden die het mogelijk maken voor zowel laag- als hooggeprivilegieerde aanvallers om via HTTP toegang te krijgen tot kritieke data, met een CVSS-score variërend van 4.3 tot 7.5, wat wijst op aanzienlijke risico's voor de vertrouwelijkheid en integriteit van de gegevens. De kwetsbaarheden zijn te vinden in verschillende componenten zoals OpenSearch Dashboards, PeopleTools, en IT Asset Management.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-125: Out-of-bounds Read
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-284: Improper Access Control
CWE-295: Improper Certificate Validation
CWE-400: Uncontrolled Resource Consumption
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-674: Uncontrolled Recursion
Oracle PeopleSoft's OpenSearch Dashboards (version 8.62) has a vulnerability allowing low-privileged attackers to exploit the system via HTTP, while earlier OpenSearch versions are vulnerable to XSS attacks due to unsanitized Markdown.
6.4 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.
9.4 (Critical)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
OpenSSL 3.5 has a critical bug in the -addreject option that mislabels trusted certificates, while also being vulnerable to unauthorized data modification, alongside a separate vulnerability in Oracle Communications Cloud Native Core Certificate Management 25.1.200.
6.5 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.
6.3 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.
8.8 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.
6.5 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
Recent vulnerabilities in urllib3 and Oracle PeopleSoft's PeopleTools expose systems to SSRF attacks and unauthorized data access, with specific issues related to redirect handling and low-privileged access.
5.3 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Rich Text Editor component in versions 8.60, 8.61, and 8.62 allows low-privileged attackers to compromise the system through human interaction, risking unauthorized data access and modifications.
5.4 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Performance Monitor component (versions 8.60, 8.61, 8.62) allows unauthenticated attackers to execute a denial of service attack via HTTP, with a CVSS score of 7.5.
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.
6.1 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's OpenSearch Dashboards (versions 8.60, 8.61, and 8.62) allows high-privileged attackers with HTTP access to potentially gain unauthorized access to critical data, with a CVSS score of 4.9.
4.9 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows high-privileged attackers to compromise the system, impacting data confidentiality and integrity with a CVSS score of 5.5.
5.5 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows low-privileged attackers to compromise the system, posing a moderate risk with a CVSS score of 5.4.
5.4 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications, with a CVSS score of 5.4.
5.4 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.61 and 8.62) allows low-privileged attackers to gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 4.3 indicating confidentiality impacts.
4.3 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft IT Asset Management 9.2 allows low-privileged attackers with network access to compromise the system, posing significant confidentiality risks with a CVSS score of 6.5.
6.5 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's FIN Maintenance Management product (version 9.2) allows low-privileged attackers to compromise data, resulting in unauthorized updates, deletions, and read access, with a CVSS score of 5.4.
5.4 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's FIN Payables product (version 9.2) allows low-privileged attackers to exploit the system via HTTP, potentially leading to unauthorized data access and partial denial of service, with a CVSS score of 6.3.
6.3 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
References
19 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft (Specifiek voor versies 8.60, 8.61, 8.62 en 9.2).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle PeopleSoft stellen aanvallers in staat om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en kunnen leiden tot gegevensmanipulatie. Dit omvat kwetsbaarheden die het mogelijk maken voor zowel laag- als hooggeprivilegieerde aanvallers om via HTTP toegang te krijgen tot kritieke data, met een CVSS-score vari\u00ebrend van 4.3 tot 7.5, wat wijst op aanzienlijke risico\u0027s voor de vertrouwelijkheid en integriteit van de gegevens. De kwetsbaarheden zijn te vinden in verschillende componenten zoals OpenSearch Dashboards, PeopleTools, en IT Asset Management.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle PeopleSoft",
"tracking": {
"current_release_date": "2025-10-23T14:13:39.969386Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0340",
"initial_release_date": "2025-10-23T14:13:39.969386Z",
"revision_history": [
{
"date": "2025-10-23T14:13:39.969386Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "PeopleSoft"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise CS Financial Aid"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise FIN IT Asset Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise FIN Maintenance Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise FIN Payables"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise PeopleTools"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-54160",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Oracle PeopleSoft\u0027s OpenSearch Dashboards (version 8.62) has a vulnerability allowing low-privileged attackers to exploit the system via HTTP, while earlier OpenSearch versions are vulnerable to XSS attacks due to unsanitized Markdown.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54160 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-54160.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2024-54160"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4575",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "OpenSSL 3.5 has a critical bug in the -addreject option that mislabels trusted certificates, while also being vulnerable to unauthorized data modification, alongside a separate vulnerability in Oracle Communications Cloud Native Core Certificate Management 25.1.200.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4575 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4575.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-4575"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-50181",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "description",
"text": "Recent vulnerabilities in urllib3 and Oracle PeopleSoft\u0027s PeopleTools expose systems to SSRF attacks and unauthorized data access, with specific issues related to redirect handling and low-privileged access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50181 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50181.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-50181"
},
{
"cve": "CVE-2025-53048",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Rich Text Editor component in versions 8.60, 8.61, and 8.62 allows low-privileged attackers to compromise the system through human interaction, risking unauthorized data access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53048 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53048.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53048"
},
{
"cve": "CVE-2025-53050",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Performance Monitor component (versions 8.60, 8.61, 8.62) allows unauthenticated attackers to execute a denial of service attack via HTTP, with a CVSS score of 7.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53050 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53050.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53050"
},
{
"cve": "CVE-2025-53055",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53055 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53055.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53055"
},
{
"cve": "CVE-2025-53059",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s OpenSearch Dashboards (versions 8.60, 8.61, and 8.62) allows high-privileged attackers with HTTP access to potentially gain unauthorized access to critical data, with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53059 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53059.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53059"
},
{
"cve": "CVE-2025-53061",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows high-privileged attackers to compromise the system, impacting data confidentiality and integrity with a CVSS score of 5.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53061 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53061.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53061"
},
{
"cve": "CVE-2025-53063",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows low-privileged attackers to compromise the system, posing a moderate risk with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53063 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53063.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53063"
},
{
"cve": "CVE-2025-53065",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications, with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53065 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53065.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53065"
},
{
"cve": "CVE-2025-61750",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.61 and 8.62) allows low-privileged attackers to gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 4.3 indicating confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61750 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61750"
},
{
"cve": "CVE-2025-61758",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft IT Asset Management 9.2 allows low-privileged attackers with network access to compromise the system, posing significant confidentiality risks with a CVSS score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61758 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61758.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61758"
},
{
"cve": "CVE-2025-61761",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s FIN Maintenance Management product (version 9.2) allows low-privileged attackers to compromise data, resulting in unauthorized updates, deletions, and read access, with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61761 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61761.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61761"
},
{
"cve": "CVE-2025-61762",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s FIN Payables product (version 9.2) allows low-privileged attackers to exploit the system via HTTP, potentially leading to unauthorized data access and partial denial of service, with a CVSS score of 6.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61762 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61762.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61762"
}
]
}
NCSC-2026-0020
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:18 - Updated: 2026-01-21 09:18Summary
Kwetsbaarheden verholpen in Oracle Commerce
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle WebLogic Server en Oracle Commerce producten
Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een gedeeltelijke Denial-of-Service te veroorzaken via HTTP. Dit kan leiden tot systeemuitval en verstoring van de dienstverlening. Daarnaast is er een kritieke XML External Entity (XXE) injectie kwetsbaarheid in de Apache Tika framework die de PDF-parsing functionaliteit beïnvloedt, wat kan leiden tot gevoelige informatie openbaarmaking of zelfs remote code execution.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-125: Out-of-bounds Read
CWE-201: Insertion of Sensitive Information Into Sent Data
CWE-284: Improper Access Control
CWE-285: Improper Authorization
CWE-404: Improper Resource Shutdown or Release
CWE-611: Improper Restriction of XML External Entity Reference
CWE-674: Uncontrolled Recursion
CWE-863: Incorrect Authorization
CWE-937: CWE-937
CWE-1035: CWE-1035
Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
6.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Recent updates for various Java platforms, including OpenJDK and IBM, address critical security vulnerabilities related to heap corruption and TLS protections, while also enhancing scripting support and HTTP client handling.
8.6 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.
5.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.
10.0 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
References
7 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle WebLogic Server en Oracle Commerce producten",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een gedeeltelijke Denial-of-Service te veroorzaken via HTTP. Dit kan leiden tot systeemuitval en verstoring van de dienstverlening. Daarnaast is er een kritieke XML External Entity (XXE) injectie kwetsbaarheid in de Apache Tika framework die de PDF-parsing functionaliteit be\u00efnvloedt, wat kan leiden tot gevoelige informatie openbaarmaking of zelfs remote code execution.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Commerce",
"tracking": {
"current_release_date": "2026-01-21T09:18:16.268788Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0020",
"initial_release_date": "2026-01-21T09:18:16.268788Z",
"revision_history": [
{
"date": "2026-01-21T09:18:16.268788Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Commerce"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Guided Search"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Platform"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-50059",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates for various Java platforms, including OpenJDK and IBM, address critical security vulnerabilities related to heap corruption and TLS protections, while also enhancing scripting support and HTTP client handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50059 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50059.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-50059"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-66516"
}
]
}
NCSC-2026-0021
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:19 - Updated: 2026-01-21 09:19Summary
Kwetsbaarheden verholpen in Oracle Database Server producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Database Server producten.
Interpretaties: De kwetsbaarheden in Oracle Database Server stellen niet-geauthenticeerde aanvallers in staat om de integriteit en vertrouwelijkheid van gegevens te compromitteren. Dit kan leiden tot ongeautoriseerde toegang tot gevoelige data en zelfs een mogelijke overname van de SQLcl-component.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences
CWE-201: Insertion of Sensitive Information Into Sent Data
CWE-295: Improper Certificate Validation
CWE-297: Improper Validation of Certificate with Host Mismatch
CWE-326: Inadequate Encryption Strength
CWE-347: Improper Verification of Cryptographic Signature
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-404: Improper Resource Shutdown or Release
CWE-457: Use of Uninitialized Variable
CWE-502: Deserialization of Untrusted Data
CWE-674: Uncontrolled Recursion
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-862: Missing Authorization
CWE-908: Use of Uninitialized Resource
CWE-937: CWE-937
CWE-1035: CWE-1035
Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.
7.5 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.
8.7 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Recent vulnerabilities in Oracle NoSQL Database and Apache Parquet allow for significant security risks, including arbitrary code execution and database compromise, affecting versions 1.5 and 1.6 of Oracle NoSQL and 1.15.0 and earlier of Apache Parquet.
10.0 (Critical)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
6.5 (Medium)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.
9.8 (Critical)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Apache Spark versions prior to 4.0.0, 3.5.2, and 3.4.4 have a vulnerability due to insecure RPC encryption, while Oracle GoldenGate Stream Analytics versions 19.1.0.0.0-19.1.0.0.11 allow unauthorized data access.
6.5 (Medium)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
A vulnerability in Oracle GoldenGate's JDBC Driver for SQL Server (versions 21.3-21.20 and 23.4-23.10) allows unauthenticated attackers to exploit improper input validation, posing significant confidentiality and integrity risks with a CVSS score of 8.1.
8.1 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Netty's SMTP codec has a command injection vulnerability allowing email forgery, while Oracle GoldenGate Big Data and Application Adapters are susceptible to denial of service attacks by low-privileged users.
7.5 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Vulnerabilities in Oracle GraalVM for JDK and the GraalVM Multilingual Engine of Oracle Database Server allow unauthorized data access, with CVSS scores of 3.7 and 3.1, respectively.
CWE-862 - Missing AuthorizationAffected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.
5.3 (Medium)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions 2.4.0 to 2.4.65 expose systems to unauthorized data manipulation, denial of service, and sensitive information disclosure through various exploitation methods.
6.5 (Medium)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Multiple vulnerabilities in lz4-java (1.10.0 and earlier) and Oracle Essbase (21.8.0.0.0) allow unauthorized access and sensitive data disclosure due to insufficient buffer clearing and unauthenticated access, respectively.
7.5 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
The `io.netty.handler.codec.http.HttpRequestEncoder` is vulnerable to CRLF injection in the request URI, leading to request smuggling, while the Oracle Graal Development Kit for Micronaut has an exploitable vulnerability affecting specific versions.
6.5 (Medium)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle's Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.
5.4 (Medium)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
A vulnerability in Oracle APEX Sample Applications allows low-privileged attackers to compromise applications, leading to unauthorized data access and modifications across several supported versions.
5.4 (Medium)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
A vulnerability in Oracle Database Server's SQLcl component (versions 23.4.0-23.26.0) allows unauthenticated attackers to compromise SQLcl with human interaction, rated with a CVSS 3.1 Base Score of 7.0.
7.0 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
A vulnerability in the Java VM component of Oracle Database Server versions 19.3-19.29 and 21.3-21.20 allows high-privileged authenticated users to potentially cause a denial of service, with a CVSS score of 4.5.
4.5 (Medium)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
A vulnerability in Oracle Zero Data Loss Recovery Appliance Software (versions 23.1.0-23.1.202509) allows unauthenticated attackers to potentially gain unauthorized read access to data, with a CVSS score of 3.1.
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
References
19 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Database Server producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle Database Server stellen niet-geauthenticeerde aanvallers in staat om de integriteit en vertrouwelijkheid van gegevens te compromitteren. Dit kan leiden tot ongeautoriseerde toegang tot gevoelige data en zelfs een mogelijke overname van de SQLcl-component. ",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"title": "CWE-93"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database Server producten",
"tracking": {
"current_release_date": "2026-01-21T09:19:00.000449Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0021",
"initial_release_date": "2026-01-21T09:19:00.000449Z",
"revision_history": [
{
"date": "2026-01-21T09:19:00.000449Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Core RDBMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Essbase"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Fleet Patching and Provisioning"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "GoldenGate Big Data and Application Adapters"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Goldengate Stream Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "GraalVM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Graph Server And Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Java Virtual Machine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "NoSQL Database"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle APEX Sample Applications"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Graal Development Kit for Micronaut"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Zero Data Loss Recovery Appliance Software"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "SQLcl"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Secure Backup"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Spatial and Graph"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2025-12383",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12383 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12383.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-30065",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle NoSQL Database and Apache Parquet allow for significant security risks, including arbitrary code execution and database compromise, affecting versions 1.5 and 1.6 of Oracle NoSQL and 1.15.0 and earlier of Apache Parquet.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30065 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-30065.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-30065"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-54874",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54874 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54874"
},
{
"cve": "CVE-2025-55039",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "other",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Spark versions prior to 4.0.0, 3.5.2, and 3.4.4 have a vulnerability due to insecure RPC encryption, while Oracle GoldenGate Stream Analytics versions 19.1.0.0.0-19.1.0.0.11 allow unauthorized data access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55039 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55039.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-55039"
},
{
"cve": "CVE-2025-59250",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "A vulnerability in Oracle GoldenGate\u0027s JDBC Driver for SQL Server (versions 21.3-21.20 and 23.4-23.10) allows unauthenticated attackers to exploit improper input validation, posing significant confidentiality and integrity risks with a CVSS score of 8.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59250 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59250.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-59250"
},
{
"cve": "CVE-2025-59419",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"title": "CWE-93"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Netty\u0027s SMTP codec has a command injection vulnerability allowing email forgery, while Oracle GoldenGate Big Data and Application Adapters are susceptible to denial of service attacks by low-privileged users.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59419 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59419.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-59419"
},
{
"cve": "CVE-2025-61755",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "Vulnerabilities in Oracle GraalVM for JDK and the GraalVM Multilingual Engine of Oracle Database Server allow unauthorized data access, with CVSS scores of 3.7 and 3.1, respectively.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61755 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61755.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-61755"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-65082",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions 2.4.0 to 2.4.65 expose systems to unauthorized data manipulation, denial of service, and sensitive information disclosure through various exploitation methods.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65082 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65082.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-65082"
},
{
"cve": "CVE-2025-66566",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "Multiple vulnerabilities in lz4-java (1.10.0 and earlier) and Oracle Essbase (21.8.0.0.0) allow unauthorized access and sensitive data disclosure due to insufficient buffer clearing and unauthenticated access, respectively.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66566 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66566.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-66566"
},
{
"cve": "CVE-2025-67735",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"title": "CWE-93"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The `io.netty.handler.codec.http.HttpRequestEncoder` is vulnerable to CRLF injection in the request URI, leading to request smuggling, while the Oracle Graal Development Kit for Micronaut has an exploitable vulnerability affecting specific versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-67735 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-67735.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-67735"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle\u0027s Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-21931",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle APEX Sample Applications allows low-privileged attackers to compromise applications, leading to unauthorized data access and modifications across several supported versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21931 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21931.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21931"
},
{
"cve": "CVE-2026-21939",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Database Server\u0027s SQLcl component (versions 23.4.0-23.26.0) allows unauthenticated attackers to compromise SQLcl with human interaction, rated with a CVSS 3.1 Base Score of 7.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21939 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21939.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21939"
},
{
"cve": "CVE-2026-21975",
"notes": [
{
"category": "description",
"text": "A vulnerability in the Java VM component of Oracle Database Server versions 19.3-19.29 and 21.3-21.20 allows high-privileged authenticated users to potentially cause a denial of service, with a CVSS score of 4.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21975 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21975.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21975"
},
{
"cve": "CVE-2026-21977",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Zero Data Loss Recovery Appliance Software (versions 23.1.0-23.1.202509) allows unauthenticated attackers to potentially gain unauthorized read access to data, with a CVSS score of 3.1.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21977 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21977.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21977"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…