Oracle Critical Patch Update Advisory - April 2023 - Oracle CVRF Oracle Critical Patch Update Advisory CPUApr2023 Final 2 2 2023-04-25T10:00:00-07:00 Rev 2. Added Credit and Protocol for WebLogic 2023-04-18T13:00:00-07:00 2023-04-25T10:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had security patches released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including security patch distribution information can be found at the Oracle sites referenced in this document. This document is published at: https://www.oracle.com/docs/tech/security-alerts/cpuapr2023cvrf.xml https://www.oracle.com/security-alerts/cpuapr2023.html URL to html version of Advisory Richard A. Chaaya (RAC) Adam Reziouk Airbus Cyber Vulnerabilities Service Adam Willard Adam Willard Ahmed Ramzy Ahmed Ramzy Alex Rubin Amazon Web Services IT Security AnhNH Sacombank Aobo Wang of Chaitin Security Research Lab Arras Aniss Arras Aniss BeichenDream Ben Smyth Bien Pham of Qrious Security working with Trend Micro's Zero Day Initiative CSOC-FTEL ChauUHM Sacombank Ayansh Sinha (CyberDad) Dan Urson Amazon Web Services IT Security Ramki Ramakrishna of Amazon Dema Alsaif Dema Alsaif Dinesh Kumar (dhina016) Dungdm (piers2) of Viettel Cyber Security working with Trend Micro's Zero Day Initiative Emad Al-Mousa of Saudi Aramco Evgeny Astigeevich of Amazon Development Centre (London) Ltd c0ny1 Hannu Forsten Hannu Forsten Ivan Andres Valdivieso Castillo Ivan Andres Valdivieso Castillo Jaspreet Singh Jaspreet Singh Jean-Michel Huguet from NATO Cyber Security Centre (NCSC) Jerome Nokin from NATO Cyber Security Centre (NCSC) Jie Liang WingTecher Lab of Tsinghua University Jingzhou Fu WingTecher Lab of Tsinghua University Jonathan Looney of Netflix Khanh Nguyen Khanh Nguyen Khanh Nguyen Duy Quoc Kieran Foley Kieran Foley Krishna Chaitanya Velicheti Krishna Chaitanya Velicheti Kun Yang of Chaitin Security Research Lab Lai Han Lai Han Liboheng of Tophant Starlight laboratory thiscodecc of MoyunSec TopBreaker Labs and Bing of MoyunSec P1ay2win of Qianxin Wuji Lab Linrong Cao of Noah-Lab of 360 Lu Yu of Chaitin Security Research Lab Luo Likang of NSFOCUS TIANJI Lab Martin Rakhmanov of Amazon Web Services IT Security Nguyen Binh Minh of CSOC-FTEL Nguyen Binh Yen of CSOC-FTEL Okeen Armua Okeen Armua PJ Fanning PJ Fanning Philippe Antoine of Telecom Nancy Pim Dieleman of Cadran Consultancy B.V. 4ra1n of Chaitin Tech Qualcomm Cyber SOC Qualcomm Cyber SOC Rens Rsecure Roman Wagner Code Intelligence Sanket Sherkhane Sanket Sherkhane Seth Duda of SquareWorks Consulting Sharique Raza Sharique Raza Shubham Shah, Sean Yeoh, Jason Haddix, Brendan Scarvell Thomas Bouzerar (MajorTomSec) from Synacktiv TungHT Sacombank tr1ple (AntGroup FG) Wang Ke of Zhejiang University 0xrumbe, zd of ThreatBook Labs X1r0z X1r0z Y4tacker Yu Wang BMH Security Team aw0yo of Cyber KunLun Zhangyi Chen of Noah-Lab of 360 Zhiyong Wu WingTecher Lab of Tsinghua University Zu-Ming Jiang Zu-Ming Jiang bluE0 bluE0 Ishan Vyas sw0rd1ight ADLab of Venustech Oracle BI Publisher Version 12.2.1.4.0 Oracle BI Publisher Version 6.4.0.0.0 Oracle Business Intelligence Enterprise Edition Version 12.2.1.4.0 Oracle Business Intelligence Enterprise Edition Version 5.9.0.0.0 Oracle Business Intelligence Enterprise Edition Version 6.4.0.0.0 Oracle Big Data Spatial and Graph Version Prior to 23.1 Oracle Blockchain Platform Version Prior to 21.1.3 Oracle Commerce Guided Search Version 11.3.2 Oracle Commerce Platform Version 11.3.0 Oracle Commerce Platform Version 11.3.1 Oracle Commerce Platform Version 11.3.2 Management Cloud Engine Version 22.1.0.0.0 Oracle Communications Cloud Native Configuration Console Version 22.4.1 Oracle Communications Cloud Native Configuration Console Version 23.1.0 Oracle Communications Cloud Native Core Automated Test Suite Version 22.3.1 Oracle Communications Cloud Native Core Automated Test Suite Version 22.4.0 Oracle Communications Cloud Native Core Binding Support Function Version 22.4.0-22.4.4 Oracle Communications Cloud Native Core Binding Support Function Version 23.1.0 Oracle Communications Cloud Native Core Binding Support Function Version 23.1.0-23.1.1 Oracle Communications Cloud Native Core Binding Support Function Version 23.1.1 Oracle Communications Cloud Native Core Console Version 22.3.0 Oracle Communications Cloud Native Core Console Version 22.4.0 Oracle Communications Cloud Native Core Network Exposure Function Version 22.4.2 Oracle Communications Cloud Native Core Network Exposure Function Version 23.1.0 Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 22.4.0 Oracle Communications Cloud Native Core Network Repository Function Version 23.1.0 Oracle Communications Cloud Native Core Policy Version 22.4.0-22.4.4 Oracle Communications Cloud Native Core Policy Version 23.1.0-23.1.1 Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 22.4.0 Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 22.4.1 Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 22.4.2 Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.0 Oracle Communications Cloud Native Core Service Communication Proxy Version 22.3.0 Oracle Communications Cloud Native Core Service Communication Proxy Version 22.4.0 Oracle Communications Cloud Native Core Unified Data Repository Version 22.4.1 Oracle Communications Cloud Native Core Unified Data Repository Version 23.1.0 Oracle Communications Core Session Manager Version 8.45 Oracle Communications Core Session Manager Version 9.15 Oracle Communications Diameter Signaling Router Version 8.6.0.0 Oracle Communications Element Manager Version 9.0.0 Oracle Communications Element Manager Version 9.0.1 Oracle Communications Operations Monitor Version 5.0 Oracle Communications Policy Management Version 12.6.0.0.0 Oracle Communications Services Gatekeeper Version 7.0.0.0.0 Oracle Communications Session Border Controller Version 9.0 Oracle Communications Session Border Controller Version 9.1 Oracle Communications Session Report Manager Version 9.0.0 Oracle Communications Session Report Manager Version 9.0.1 Oracle Communications Session Router Version 9.0 Oracle Communications Session Router Version 9.1 Oracle Communications Subscriber-Aware Load Balancer Version 9.0 Oracle Communications Subscriber-Aware Load Balancer Version 9.1 Oracle Communications User Data Repository Version 12.6.1.0.0 Oracle Enterprise Communications Broker Version 3.3 Oracle Enterprise Communications Broker Version 4.0 Oracle Enterprise Session Router Version 9.1 Oracle SD-WAN Aware Version 9.0.1.6.0 Oracle SD-WAN Edge Version 9.1.1.3.0 Oracle SD-WAN Edge Version 9.1.1.4.0 Oracle Communications Convergent Charging Controller Version 12.0.1.0.0-12.0.6.0.0 Oracle Communications Convergent Charging Controller Version 12.0.4-12.0.6 Oracle Communications Convergent Charging Controller Version 6.0.1.0.0 Oracle Communications IP Service Activator Version 7.4.0 Oracle Communications IP Service Activator Version 7.5.0 Oracle Communications Network Charging and Control Version 12.0.1.0.0-12.0.6.0.0 Oracle Communications Network Charging and Control Version 12.0.4-12.0.6 Oracle Communications Network Charging and Control Version 6.0.1.0.0 Oracle Communications Order and Service Management Version 7.4.1 Oracle Communications Unified Assurance Version 5.5.0-5.5.10 Oracle Communications Unified Assurance Version 5.5.0-5.5.9 Oracle Communications Unified Assurance Version 6.0.0-6.0.1 Oracle Communications Unified Assurance Version 6.0.0-6.0.2 Oracle Communications Unified Inventory Management Version 7.4.0 Oracle Communications Unified Inventory Management Version 7.4.1 Oracle Communications Unified Inventory Management Version 7.4.2 Oracle Communications Unified Inventory Management Version 7.5.0 Primavera P6 Enterprise Project Portfolio Management Version 18.8.0-18.8.26 Primavera P6 Enterprise Project Portfolio Management Version 19.12.0-19.12.21 Primavera P6 Enterprise Project Portfolio Management Version 20.12.0-20.12.18 Primavera P6 Enterprise Project Portfolio Management Version 21.12.0-21.12.12 Primavera P6 Enterprise Project Portfolio Management Version 22.12.0-22.12.3 Primavera Unifier Version 18.8.0-18.8.18 Primavera Unifier Version 19.12.0-19.12.16 Primavera Unifier Version 20.12.0-20.12.16 Primavera Unifier Version 21.12.0-21.12.14 Primavera Unifier Version 22.12.0-22.12.3 Oracle Database Server(Java VM) Version 19c Oracle Database Server(Oracle Database Recovery Manager) Version 19c Oracle Database Server(Oracle Database) Version 19c Oracle Database Server(Java VM) Version 21c Oracle Database Server(Oracle Database OML4PY) Version 21c Oracle Database Server(Oracle Database Recovery Manager) Version 21c Oracle Database Server(Oracle Database Workload Manager) Version 21c Oracle Database Server(Oracle Database) Version 21c Oracle SQLcl Version 21c Spatial and Graph Version 19c Spatial and Graph Version 21c Oracle Application Object Library Version 12.2.3-12.2.11 Oracle User Management Version 12.2.3-12.2.12 Oracle iProcurement Version 12.2.3-12.2.12 Oracle iReceivables Version 12.2.3-12.2.12 Oracle Application Testing Suite Version 13.3.0.1 Oracle Enterprise Manager Ops Center Version 12.4.0.0 Oracle Essbase Version 21.4 Oracle Banking APIs Version 18.2 Oracle Banking APIs Version 18.3 Oracle Banking APIs Version 19.1 Oracle Banking APIs Version 19.2 Oracle Banking APIs Version 21.1 Oracle Banking APIs Version 22.1 Oracle Banking APIs Version 22.2 Oracle Banking Corporate Lending Version 14.0-14.3 Oracle Banking Corporate Lending Version 14.5-14.7 Oracle Banking Corporate Lending Process Management Version 14.4-14.7 Oracle Banking Digital Experience Version 18.2 Oracle Banking Digital Experience Version 18.3 Oracle Banking Digital Experience Version 19.1 Oracle Banking Digital Experience Version 19.2 Oracle Banking Digital Experience Version 21.1 Oracle Banking Digital Experience Version 22.1 Oracle Banking Digital Experience Version 22.2 Oracle Banking Payments Version 14.5 Oracle Banking Payments Version 14.6 Oracle Banking Payments Version 14.7 Oracle Banking Trade Finance Version 14.5 Oracle Banking Trade Finance Version 14.6 Oracle Banking Trade Finance Version 14.7 Oracle Banking Treasury Management Version 14.5 Oracle Banking Treasury Management Version 14.6 Oracle Banking Treasury Management Version 14.7 Oracle Banking Virtual Account Management Version 14.5 Oracle Banking Virtual Account Management Version 14.6 Oracle Banking Virtual Account Management Version 14.7 Oracle FLEXCUBE Core Banking Version 11.10 Oracle FLEXCUBE Core Banking Version 11.11 Oracle FLEXCUBE Core Banking Version 11.6 Oracle FLEXCUBE Core Banking Version 11.7 Oracle FLEXCUBE Core Banking Version 11.8 Oracle FLEXCUBE Universal Banking Version 14.0-14.3 Oracle FLEXCUBE Universal Banking Version 14.5-14.7 Oracle Financial Services Analytical Applications Infrastructure Version 8.0.7.0 Oracle Financial Services Analytical Applications Infrastructure Version 8.0.8.0 Oracle Financial Services Analytical Applications Infrastructure Version 8.0.9.0 Oracle Financial Services Analytical Applications Infrastructure Version 8.1.0.0 Oracle Financial Services Analytical Applications Infrastructure Version 8.1.1.0 Oracle Financial Services Analytical Applications Infrastructure Version 8.1.2.0 Oracle Financial Services Analytical Applications Infrastructure Version 8.1.2.1 Oracle Financial Services Analytical Applications Infrastructure Version 8.1.2.2 Oracle Financial Services Analytical Applications Reconciliation Framework Version 8.0.7.1.2 Oracle Financial Services Analytical Applications Reconciliation Framework Version 8.1.1.1.7 Oracle Financial Services Asset Liability Management Version 8.0.7.8.0 Oracle Financial Services Balance Computation Engine Version 8.1.1.1.1 Oracle Financial Services Balance Sheet Planning Version 8.0.8.1.4 Oracle Financial Services Behavior Detection Platform Version 8.0.8.1 Oracle Financial Services Behavior Detection Platform Version 8.1.1.1 Oracle Financial Services Behavior Detection Platform Version 8.1.2.3 Oracle Financial Services Behavior Detection Platform Version 8.1.2.4 Oracle Financial Services Compliance Studio Version 8.1.2.4 Oracle Financial Services Crime and Compliance Management Studio Version 8.0.8.3.5 Oracle Financial Services Currency Transaction Reporting Version 8.0.8.1.0 Oracle Financial Services Currency Transaction Reporting Version 8.1.1.1.0 Oracle Financial Services Currency Transaction Reporting Version 8.1.2.3.0 Oracle Financial Services Currency Transaction Reporting Version 8.1.2.4.1 Oracle Financial Services Data Governance for US Regulatory Reporting Version 8.1.2.0 Oracle Financial Services Data Governance for US Regulatory Reporting Version 8.1.2.1 Oracle Financial Services Data Integration Hub Version 8.0.7.3.1 Oracle Financial Services Data Integration Hub Version 8.1.0.1.4 Oracle Financial Services Data Integration Hub Version 8.1.2.2.1 Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management Version 8.0.7.3.1 Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management Version 8.0.8.3.1 Oracle Financial Services Enterprise Case Management Version 8.0.8.2 Oracle Financial Services Enterprise Case Management Version 8.1.1.1 Oracle Financial Services Enterprise Case Management Version 8.1.2.3 Oracle Financial Services Enterprise Case Management Version 8.1.2.4 Oracle Financial Services Enterprise Financial Performance Analytics Version 8.0.7.8.1 Oracle Financial Services Funds Transfer Pricing Version 8.0.7.8.1 Oracle Financial Services Institutional Performance Analytics Version 8.0.7.8.1 Oracle Financial Services Liquidity Risk Measurement and Management Version 8.0.7.3.1 Oracle Financial Services Liquidity Risk Measurement and Management Version 8.0.8.3.1 Oracle Financial Services Loan Loss Forecasting and Provisioning Version 8.0.7.8.1 Oracle Financial Services Loan Loss Forecasting and Provisioning Version 8.0.8.2.1 Oracle Financial Services Model Management and Governance Version 8.1.0.0 Oracle Financial Services Model Management and Governance Version 8.1.2.0 Oracle Financial Services Profitability Management Version 8.0.7.8.1 Oracle Financial Services Regulatory Reporting Version 8.0.8.1 Oracle Financial Services Regulatory Reporting Version 8.1.1.1 Oracle Financial Services Regulatory Reporting Version 8.1.2.3 Oracle Financial Services Regulatory Reporting Version 8.1.2.4 Oracle Financial Services Regulatory Reporting with AgileREPORTER Version 8.1.1.2.0 Oracle Financial Services Retail Performance Analytics Version 8.0.7.8.1 Oracle Financial Services Revenue Management and Billing Version 2.7 Oracle Financial Services Revenue Management and Billing Version 2.7.1 Oracle Financial Services Revenue Management and Billing Version 2.8 Oracle Financial Services Revenue Management and Billing Version 2.9 Oracle Financial Services Revenue Management and Billing Version 2.9.1 Oracle Financial Services Revenue Management and Billing Version 3.0 Oracle Financial Services Revenue Management and Billing Version 3.1 Oracle Financial Services Revenue Management and Billing Version 3.2 Oracle Financial Services Revenue Management and Billing Version 4.0 Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Version 8.0.8.0.0 Oracle Access Manager Version 12.2.1.4.0 Oracle Business Process Management Suite Version 12.2.1.4.0 Oracle Coherence Version 12.2.1.4.0 Oracle Coherence Version 14.1.1.0.0 Oracle Data Integrator Version 12.2.1.4.0 Oracle HTTP Server Version 12.2.1.4.0 Oracle Identity Manager Version 12.2.1.4.0 Oracle JDeveloper Version 12.2.1.4.0 Oracle Managed File Transfer Version 12.2.1.4.0 Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0 Oracle Outside In Technology Version 8.5.6 Oracle SOA Suite Version 12.2.1.4.0 Oracle WebCenter Portal Version 12.2.1.4.0 Oracle WebCenter Sites Version 12.2.1.4.0 Oracle WebLogic Server(Console) Version 12.2.1.3.0 Oracle WebLogic Server(Third Party) Version 12.2.1.3.0 Oracle WebLogic Server Version 12.2.1.3.0 Oracle WebLogic Server(Console) Version 12.2.1.4.0 Oracle WebLogic Server(Third Party) Version 12.2.1.4.0 Oracle WebLogic Server Version 12.2.1.4.0 Oracle WebLogic Server(Console) Version 14.1.1.0.0 Oracle WebLogic Server(Third Party) Version 14.1.1.0.0 Oracle WebLogic Server Version 14.1.1.0.0 Oracle GoldenGate Version Prior to 19.1.0.0.230418 Oracle GoldenGate Version Prior to 21.10.0.0.0 Oracle GoldenGate Studio Version Fusion Middleware: 12.2.1.4.0 Oracle Graph Server and Client Version Prior to 23.1.0 Oracle Graph Server and Client Version Prior to 23.2.0 Oracle Argus Insight Version Prior to 8.2.3 Oracle Argus Safety Version Prior to 8.2.3 Oracle Clinical Remote Data Capture Version 5.4.0.2 Oracle Health Sciences InForm Version Prior to 6.3.1.3 Oracle Health Sciences InForm Version Prior to 7.0.0.1 Oracle Healthcare Foundation Version 8.1.0 Oracle Healthcare Foundation Version 8.1.1 Oracle Healthcare Foundation Version 8.2.0 Oracle Healthcare Foundation Version 8.2.1 Oracle Healthcare Foundation Version 8.2.2 Oracle Healthcare Master Person Index Version 5.0.0-5.0.4 Oracle Healthcare Translational Research Version 4.1.0 Oracle Healthcare Translational Research Version 4.1.1 Oracle Hospitality OPERA 5 Property Services Version 5.6 Oracle Hyperion Financial Reporting Version 11.2.12 Oracle Hyperion Infrastructure Technology Version 11.2.12 Oracle Documaker Version 12.6.0.0.0 Oracle Documaker Version 12.6.2.0.0-12.6.4.0.0 Oracle Documaker Version 12.7.0.0.0 Oracle Documaker Version 12.7.1.0.0 Oracle Insurance Policy Administration Operational Data Store for Life and Annuity Version 1.0.1.8 JD Edwards EnterpriseOne Orchestrator Version Prior to 9.2.7.3 JD Edwards EnterpriseOne Tools Version Prior to 9.2.7.2 JD Edwards EnterpriseOne Tools Version Prior to 9.2.7.3 JD Edwards World Security Version A9.4 Oracle Java SE Version Oracle GraalVM Enterprise Edition:20.3.8 Oracle Java SE Version Oracle GraalVM Enterprise Edition:20.3.9 Oracle Java SE Version Oracle GraalVM Enterprise Edition:21.3.4 Oracle Java SE Version Oracle GraalVM Enterprise Edition:21.3.5 Oracle Java SE Version Oracle GraalVM Enterprise Edition:22.3.0 Oracle Java SE Version Oracle GraalVM Enterprise Edition:22.3.1 Oracle Java SE Version Oracle Java SE:11.0.18 Oracle Java SE Version Oracle Java SE:17.0.6 Oracle Java SE Version Oracle Java SE:20 Oracle Java SE Version Oracle Java SE:8u361 Oracle Java SE Version Oracle Java SE:8u361-perf MySQL Cluster Version 7.5.29 and prior MySQL Cluster Version 7.6.25 and prior MySQL Cluster Version 8.0.31 and prior MySQL Cluster Version 8.0.32 and prior MySQL Connectors(Connector/C++) Version 8.0.32 and prior MySQL Connectors(Connector/ODBC) Version 8.0.32 and prior MySQL Connectors Version 8.0.32 and prior MySQL Enterprise Monitor Version 8.0.33 and prior MySQL Server Version 5.7.40 and prior MySQL Server Version 5.7.41 and prior MySQL Server Version 8.0.30 and prior MySQL Server Version 8.0.31 and prior MySQL Server Version 8.0.32 and prior MySQL Workbench Version 8.0.32 and prior Oracle NoSQL Database Version Prior to 19.5.32 PeopleSoft Enterprise HCM Human Resources Version 9.2 PeopleSoft Enterprise PeopleTools Version 8.58 PeopleSoft Enterprise PeopleTools Version 8.59 PeopleSoft Enterprise PeopleTools Version 8.60 Oracle REST Data Services Version Prior to 23.1.0 Oracle Retail Customer Management and Segmentation Foundation Version 18.0.0.12 Oracle Retail Customer Management and Segmentation Foundation Version 19.0.0.6 Oracle Retail Fiscal Management Version 14.2 Oracle Retail Invoice Matching Version 15.0.3 Oracle Retail Invoice Matching Version 16.0.3 Oracle Retail Merchandising System Version 15.0.3.1 Oracle Retail Merchandising System Version 16.0.2 Oracle Retail Merchandising System Version 16.0.3 Oracle Retail Predictive Application Server Version 15.0.3 Oracle Retail Predictive Application Server Version 16.0.3 Oracle Retail Price Management Version 14.1.3.2 Oracle Retail Price Management Version 15.0.3.1 Oracle Retail Price Management Version 16.0.3 Oracle Retail Sales Audit Version 15.0.3.1 Oracle Retail Xstore Office Cloud Service Version 18.0.5 Oracle Retail Xstore Office Cloud Service Version 19.0.4 Oracle Retail Xstore Office Cloud Service Version 20.0.3 Oracle Retail Xstore Office Cloud Service Version 21.0.2 Oracle Retail Xstore Point of Service Version 17.0.6 Oracle Retail Xstore Point of Service(Point of Sale) Version 18.0.5 Oracle Retail Xstore Point of Service(Xenvironment) Version 18.0.5 Oracle Retail Xstore Point of Service Version 18.0.5 Oracle Retail Xstore Point of Service(Point of Sale) Version 19.0.4 Oracle Retail Xstore Point of Service(Xenvironment) Version 19.0.4 Oracle Retail Xstore Point of Service Version 19.0.4 Oracle Retail Xstore Point of Service(Point of Sale) Version 20.0.3 Oracle Retail Xstore Point of Service(Xenvironment) Version 20.0.3 Oracle Retail Xstore Point of Service Version 20.0.3 Oracle Retail Xstore Point of Service(Point of Sale) Version 21.0.2 Oracle Retail Xstore Point of Service(Xenvironment) Version 21.0.2 Oracle Retail Xstore Point of Service Version 21.0.2 Oracle SQL Developer Version Prior to 22.4.0 Oracle SQL Developer Version Prior to 23.1.0 Siebel CRM Version 21.10 and prior Siebel CRM Version 22.10 and prior Siebel CRM Version 22.5 and prior Siebel CRM Version 23.2 and prior Siebel CRM Version 23.2 and prior Siebel CRM Version 23.3 and prior Oracle Agile PLM Version 9.3.6 Oracle Solaris Version 10 Oracle Solaris Version 11 Oracle TimesTen In-Memory Database Version Prior to 22.1.1.7.0 Oracle Utilities Application Framework Version 4.2.0.3.0 Oracle Utilities Application Framework Version 4.3.0.1.0-4.3.0.6.0 Oracle Utilities Application Framework Version 4.4.0.0.0 Oracle Utilities Application Framework Version 4.4.0.2.0 Oracle Utilities Application Framework Version 4.4.0.3.0 Oracle Utilities Application Framework Version 4.5.0.0.0 Oracle Utilities Network Management System Version 2.3.0.2 Oracle Utilities Network Management System Version 2.4.0.1 Oracle Utilities Network Management System Version 2.5.0.0 Oracle Utilities Network Management System Version 2.5.0.1 Oracle Utilities Network Management System Version 2.5.0.2 Oracle VM VirtualBox Version Prior to 6.1.44 Oracle VM VirtualBox Version Prior to 7.0.8 Oracle iLearning Version 6.3.1 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Machine Learning (Flask)). The supported version that is affected is 6.4.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-1000656 P-2025V-6.4.0.0.0 4.8 AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure (Apache Xerces-C++)). Supported versions that are affected are Prior to 9.2.7.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-1311 P-4781V-Prior to 9.2.7.3 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4781V-Prior to 9.2.7.3 Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces (Eclipse Mojarra)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2018-14371 P-807V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle JDeveloper Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-807V-12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Commons BeanUtils)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-2025V-6.4.0.0.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (Apache Commons BeanUtils)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data as well as unauthorized read access to a subset of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-13339V-1.0.1.8 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Oracle Insurance Policy Administration Operational Data Store for Life and Annuity Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939209.1 P-13339V-1.0.1.8 Security-in-Depth issue in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BIInfer (Jackson-mapper-asl)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2019-10172 P-2025V-12.2.1.4.0 0.0 Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-12.2.1.4.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Pivotal RabbitMQ)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-11287 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936013.1 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache POI)). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Revenue Management and Billing executes to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-12415 P-5322V-2.7 P-5322V-2.8 P-5322V-2.9 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Oracle Financial Services Revenue Management and Billing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938972.1 P-5322V-2.7 P-5322V-2.8 P-5322V-2.9 Vulnerability in the Oracle Argus Insight product of Oracle Health Sciences Applications (component: Core (Telerik UI for ASP.NET AJAX)). Supported versions that are affected are Prior to 8.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Insight. Successful attacks of this vulnerability can result in takeover of Oracle Argus Insight. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-18935 P-5717V-Prior to 8.2.3 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Argus Insight Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938697.1 P-5717V-Prior to 8.2.3 Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Core (Telerik UI for ASP.NET AJAX)). Supported versions that are affected are Prior to 8.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in takeover of Oracle Argus Safety. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-18935 P-5710V-Prior to 8.2.3 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Argus Safety Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938697.1 P-5710V-Prior to 8.2.3 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Third Party (Jython)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Access Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-20916 P-5565V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Access Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5565V-12.2.1.4.0 Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (Apache Batik)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data as well as unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). Security patch has been released CVE-2020-11987 P-13339V-1.0.1.8 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Oracle Insurance Policy Administration Operational Data Store for Life and Annuity Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939209.1 P-13339V-1.0.1.8 Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Batik)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-11987 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0 P-2241V-2.5.0.1 P-2241V-2.5.0.2 0.0 Oracle Utilities Network Management System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936478.1 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0 P-2241V-2.5.0.1 P-2241V-2.5.0.2 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache XML Graphics Commons)). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). Security patch has been released CVE-2020-11988 P-5322V-2.7 P-5322V-2.8 P-5322V-2.9 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Oracle Financial Services Revenue Management and Billing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938972.1 P-5322V-2.7 P-5322V-2.8 P-5322V-2.9 Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Apache Velocity Engine)). Supported versions that are affected are 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Application Framework. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-13936 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0-4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Utilities Application Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936478.1 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0-4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Samples (Apache CXF)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-13954 P-9617V-12.2.1.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle WebCenter Sites Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-9617V-12.2.1.4.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (PyYAML)). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14343 P-5085V-8.58 P-5085V-8.59 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939793.1 P-5085V-8.58 P-5085V-8.59 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC (jUnit)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-15250 P-4781V-Prior to 9.2.7.3 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4781V-Prior to 9.2.7.3 Vulnerability in Oracle iLearning (component: Installation (Apache Groovy)). The supported version that is affected is 6.3.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle iLearning executes to compromise Oracle iLearning. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-17521 P-902V-6.3.1 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Oracle iLearning Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939823.1 P-902V-6.3.1 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core (JBoss Enterprise Application Platform)). The supported version that is affected is 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-25638 P-5242V-14.1.1.0.0 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (jackson-databind)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-13339V-1.0.1.8 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Insurance Policy Administration Operational Data Store for Life and Annuity Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939209.1 P-13339V-1.0.1.8 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General (Bouncy Castle Java Library)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-28052 P-2025V-12.2.1.4.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-12.2.1.4.0 Vulnerability in the Oracle Communications IP Service Activator product of Oracle Communications Applications (component: Other (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 7.4.0 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Communications IP Service Activator. Successful attacks of this vulnerability can result in takeover of Oracle Communications IP Service Activator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-35168 P-2261V-7.4.0 P-2261V-7.5.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications IP Service Activator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936021.1 P-2261V-7.4.0 P-2261V-7.5.0 Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-35168 P-5477V-12.6.0.0.0 P-5477V-12.6.2.0.0-12.6.4.0.0 P-5477V-12.7.0.0.0 P-5477V-12.7.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Documaker Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939209.1 P-5477V-12.6.0.0.0 P-5477V-12.6.2.0.0-12.6.4.0.0 P-5477V-12.7.0.0.0 P-5477V-12.7.1.0.0 Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Server (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 15.0.3 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Retail Predictive Application Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-35168 P-1823V-15.0.3 P-1823V-16.0.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Retail Predictive Application Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-1823V-15.0.3 P-1823V-16.0.3 Vulnerability in Oracle Blockchain Platform (component: BCS Console (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are Prior to 21.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Blockchain Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Blockchain Platform accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-35169 P-13444V-Prior to 21.1.3 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in Oracle Blockchain Platform (component: BCS Console (jackson-databind)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-36518 P-13444V-Prior to 21.1.3 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Eclipse Mojarra)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-6950 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Elasticsearch)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-7009 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936013.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Apache ZooKeeper)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-7712 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Loging (Apache ZooKeeper)). Supported versions that are affected are 22.5 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in takeover of Siebel CRM. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-7712 P-9001V-22.5 and prior 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Siebel CRM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939854.1 P-9001V-22.5 and prior Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (Google Guava)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where JD Edwards EnterpriseOne Orchestrator executes to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-8908 P-11681V-Prior to 9.2.7.3 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N JD Edwards EnterpriseOne Orchestrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-11681V-Prior to 9.2.7.3 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Google Protobuf-Java)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-22569 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in Oracle Blockchain Platform (component: BCS Console (nginx)). Supported versions that are affected are Prior to 21.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Blockchain Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Blockchain Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2021-23017 P-13444V-Prior to 21.1.3 7.7 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Lodash)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2021-23337 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (JSZip)). Supported versions that are affected are 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14 and 22.12.0-22.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2021-23413 P-10354V-18.8.0-18.8.18 P-10354V-19.12.0-19.12.16 P-10354V-20.12.0-20.12.16 P-10354V-21.12.0-21.12.14 P-10354V-22.12.0-22.12.3 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Primavera Unifier Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936154.1 P-10354V-18.8.0-18.8.18 P-10354V-19.12.0-19.12.16 P-10354V-20.12.0-20.12.16 P-10354V-21.12.0-21.12.14 P-10354V-22.12.0-22.12.3 Vulnerability in Oracle iLearning (component: Installation (JDBC)). The supported version that is affected is 6.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle iLearning. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-2351 P-902V-6.3.1 8.3 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Oracle iLearning Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939823.1 P-902V-6.3.1 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (Apache POI)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H). Security patch has been released CVE-2021-23926 P-2025V-12.2.1.4.0 7.3 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Application Archive (json-smart)). The supported version that is affected is 6.4.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-27568 P-2025V-6.4.0.0.0 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Backend (Eclipse Jersey)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2021-28168 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons IO)). Supported versions that are affected are 2.7, 2.8, 2.9, 3.0, 3.1, 3.2 and 4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2021-29425 P-5322V-2.7 P-5322V-2.8 P-5322V-2.9 P-5322V-3.0 P-5322V-3.1 P-5322V-3.2 P-5322V-4.0 4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Oracle Financial Services Revenue Management and Billing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938972.1 P-5322V-2.7 P-5322V-2.8 P-5322V-2.9 P-5322V-3.0 P-5322V-3.1 P-5322V-3.2 P-5322V-4.0 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Python)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2021-29921 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC (Apache Mina SSHD)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-30129 P-4781V-Prior to 9.2.7.3 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4781V-Prior to 9.2.7.3 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (json-smart)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-31684 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-34798 P-1042V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle HTTP Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-1042V-12.2.1.4.0 Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (AntiSamy)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Policy Administration Operational Data Store for Life and Annuity, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data as well as unauthorized read access to a subset of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-35043 P-13339V-1.0.1.8 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Insurance Policy Administration Operational Data Store for Life and Annuity Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939209.1 P-13339V-1.0.1.8 Vulnerability in Oracle Blockchain Platform (component: BCS Console (Apache Commons Compress)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-36090 P-13444V-Prior to 21.1.3 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Content Storage Service (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-36090 P-2025V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-12.2.1.4.0 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons Compress)). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-36090 P-5322V-2.7 P-5322V-2.8 P-5322V-2.9 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Revenue Management and Billing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938972.1 P-5322V-2.7 P-5322V-2.8 P-5322V-2.9 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Apache Commons Compress)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-36090 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Deployment SEC (Apache Ant)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-36373 P-4781V-Prior to 9.2.7.3 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4781V-Prior to 9.2.7.3 Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Ant)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Application Testing Suite executes to compromise Oracle Application Testing Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-36374 P-4622V-13.3.0.1 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Application Testing Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923367.1 P-4622V-13.3.0.1 Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Ant)). The supported version that is affected is 11.2.12. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-36374 P-4392V-11.2.12 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Hyperion Infrastructure Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2775466.2 P-4392V-11.2.12 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Ant)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Middleware Common Libraries and Tools executes to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-36374 P-4647V-12.2.1.4.0 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-4647V-12.2.1.4.0 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server Infrastructure (OpenSSL)). Supported versions that are affected are 22.10 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel CRM accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H). Security patch has been released CVE-2021-3712 P-9001V-22.10 and prior 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Siebel CRM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939854.1 P-9001V-22.10 and prior Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Patches (memcached)). The supported version that is affected is 12.6.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications User Data Repository executes to compromise Oracle Communications User Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications User Data Repository. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-37519 P-11108V-12.6.1.0.0 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Communications User Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938448.1 P-11108V-12.6.1.0.0 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Remote Diagnostic Agent (Apache Commons Net)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-37533 P-4647V-12.2.1.4.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-4647V-12.2.1.4.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker (Apache Commons Net)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-37533 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939793.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Open UI (CKEditor)). Supported versions that are affected are 21.10 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel CRM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel CRM accessible data as well as unauthorized read access to a subset of Siebel CRM accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-37695 P-9011V-21.10 and prior 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Siebel CRM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939854.1 P-9011V-21.10 and prior Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (JSON Schema)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2021-3918 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Machine Learning (OpenBLAS)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). Security patch has been released CVE-2021-4048 P-2025V-6.4.0.0.0 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (libgcrypt)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2021-40528 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Santuario XML Security For Java)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-40690 P-4622V-13.3.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Application Testing Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923367.1 P-4622V-13.3.0.1 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache CXF)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-40690 P-2025V-6.4.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (jQueryUI)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41183 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936013.1 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (jQueryUI)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2021-41184 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (jQueryUI)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-5680V-8.0.7.0 P-5680V-8.0.8.0 P-5680V-8.0.9.0 P-5680V-8.1.0.0 P-5680V-8.1.1.0 P-5680V-8.1.2.0 P-5680V-8.1.2.1 P-5680V-8.1.2.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Analytical Applications Infrastructure Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939767.1 P-5680V-8.0.7.0 P-5680V-8.0.8.0 P-5680V-8.0.9.0 P-5680V-8.1.0.0 P-5680V-8.1.1.0 P-5680V-8.1.2.0 P-5680V-8.1.2.1 P-5680V-8.1.2.2 Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.1.2 and 8.1.1.1.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Reconciliation Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Reconciliation Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-5748V-8.0.7.1.2 P-5748V-8.1.1.1.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Analytical Applications Reconciliation Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939780.1 P-5748V-8.0.7.1.2 P-5748V-8.1.1.1.7 Vulnerability in the Oracle Financial Services Asset Liability Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Asset Liability Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Asset Liability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Asset Liability Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-5662V-8.0.7.8.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Asset Liability Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940045.1 P-5662V-8.0.7.8.0 Vulnerability in the Oracle Financial Services Balance Computation Engine product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.1.1.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Balance Computation Engine. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Balance Computation Engine, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Balance Computation Engine accessible data as well as unauthorized read access to a subset of Oracle Financial Services Balance Computation Engine accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-14246V-8.1.1.1.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Balance Computation Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2942325.1 P-14246V-8.1.1.1.1 Vulnerability in the Oracle Financial Services Balance Sheet Planning product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.8.1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Balance Sheet Planning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Balance Sheet Planning, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Balance Sheet Planning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Balance Sheet Planning accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-5663V-8.0.8.1.4 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Balance Sheet Planning Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940043.1 P-5663V-8.0.8.1.4 Vulnerability in the Oracle Financial Services Data Governance for US Regulatory Reporting product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.1.2.0 and 8.1.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Governance for US Regulatory Reporting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Data Governance for US Regulatory Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Data Governance for US Regulatory Reporting accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Governance for US Regulatory Reporting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-11669V-8.1.2.0 P-11669V-8.1.2.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Data Governance for US Regulatory Reporting Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940075.1 P-11669V-8.1.2.0 P-11669V-8.1.2.1 Vulnerability in the Oracle Financial Services Data Integration Hub product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.1.0.1.4, 8.1.2.2.1 and 8.0.7.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Integration Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Data Integration Hub, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Data Integration Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Integration Hub accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-11289V-8.1.0.1.4 P-11289V-8.1.2.2.1 P-11289V-8.0.7.3.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Data Integration Hub Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939782.1 P-11289V-8.1.0.1.4 P-11289V-8.1.2.2.1 P-11289V-8.0.7.3.1 Vulnerability in the Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.3.1 and 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-13802V-8.0.7.3.1 P-13802V-8.0.8.3.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939725.1 P-13802V-8.0.7.3.1 P-13802V-8.0.8.3.1 Vulnerability in the Oracle Financial Services Enterprise Financial Performance Analytics product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Enterprise Financial Performance Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Enterprise Financial Performance Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Enterprise Financial Performance Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Enterprise Financial Performance Analytics accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-4279V-8.0.7.8.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Enterprise Financial Performance Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940042.1 P-4279V-8.0.7.8.1 Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Funds Transfer Pricing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Funds Transfer Pricing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Funds Transfer Pricing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-5659V-8.0.7.8.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Funds Transfer Pricing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940037.1 P-5659V-8.0.7.8.1 Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.8.1 and 8.0.8.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Loan Loss Forecasting and Provisioning, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-9332V-8.0.7.8.1 P-9332V-8.0.8.2.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Loan Loss Forecasting and Provisioning Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939932.1 P-9332V-8.0.7.8.1 P-9332V-8.0.8.2.1 Vulnerability in the Oracle Financial Services Institutional Performance Analytics product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Institutional Performance Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Institutional Performance Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Institutional Performance Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Institutional Performance Analytics accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-10215V-8.0.7.8.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Institutional Performance Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940040.1 P-10215V-8.0.7.8.1 Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.3.1 and 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Measurement and Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Measurement and Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Measurement and Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Measurement and Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-13797V-8.0.7.3.1 P-13797V-8.0.8.3.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Liquidity Risk Measurement and Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939725.1 P-13797V-8.0.7.3.1 P-13797V-8.0.8.3.1 Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Profitability Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-5658V-8.0.7.8.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Profitability Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940039.1 P-5658V-8.0.7.8.1 Vulnerability in the Oracle Financial Services Retail Performance Analytics product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Retail Performance Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Retail Performance Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Retail Performance Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Retail Performance Analytics accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-10216V-8.0.7.8.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Retail Performance Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940041.1 P-10216V-8.0.7.8.1 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core (jQueryUI)). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Health Sciences InForm, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Health Sciences InForm Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938697.1 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: User Interface (jQueryUI)). Supported versions that are affected are 2.3.0.2, 2.4.0.1, 2.5.0.0 and 2.5.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Utilities Network Management System, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Network Management System accessible data as well as unauthorized read access to a subset of Oracle Utilities Network Management System accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0 P-2241V-2.5.0.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Utilities Network Management System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936478.1 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0 P-2241V-2.5.0.1 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC (Apache Mina)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-41973 P-4781V-Prior to 9.2.7.3 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4781V-Prior to 9.2.7.3 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform (OWASP Java HTML Sanitizer )). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-42575 P-9348V-11.3.0 P-9348V-11.3.1 P-9348V-11.3.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Commerce Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939844.1 P-9348V-11.3.0 P-9348V-11.3.1 P-9348V-11.3.2 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (XStream)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-43859 P-5322V-2.7 P-5322V-2.7.1 P-5322V-2.8 P-5322V-2.9 P-5322V-2.9 P-5322V-2.9.1 P-5322V-3.0 P-5322V-3.1 P-5322V-3.2 P-5322V-4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Revenue Management and Billing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938972.1 P-5322V-2.7 P-5322V-2.7.1 P-5322V-2.8 P-5322V-2.9 P-5322V-2.9 P-5322V-2.9.1 P-5322V-3.0 P-5322V-3.1 P-5322V-3.2 P-5322V-4.0 Vulnerability in the Oracle Retail Invoice Matching product of Oracle Retail Applications (component: Security (Apache Log4j)). Supported versions that are affected are 15.0.3 and 16.0.3. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Invoice Matching. Successful attacks of this vulnerability can result in takeover of Oracle Retail Invoice Matching. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-44832 P-1810V-15.0.3 P-1810V-16.0.3 6.6 AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Oracle Retail Invoice Matching Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-1810V-15.0.3 P-1810V-16.0.3 Vulnerability in the Oracle Retail Price Management product of Oracle Retail Applications (component: Security (Apache Log4j)). Supported versions that are affected are 14.1.3.2, 15.0.3.1 and 16.0.3. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Price Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Price Management. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-44832 P-1824V-14.1.3.2 P-1824V-15.0.3.1 P-1824V-16.0.3 6.6 AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Oracle Retail Price Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-1824V-14.1.3.2 P-1824V-15.0.3.1 P-1824V-16.0.3 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (GNU Libtasn1)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). Security patch has been released CVE-2021-46848 P-14277V-22.4.0-22.4.4 P-14277V-23.1.0-23.1.1 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938436.1 P-14277V-22.4.0-22.4.4 P-14277V-23.1.0-23.1.1 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Management (OpenSSL)). The supported version that is affected is 9.1.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-1292 P-13940V-9.1.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle SD-WAN Edge Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938444.1 P-13940V-9.1.1.3.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (SnakeYAML)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-1471 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936013.1 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: TMF APIs (SnakeYAML)). Supported versions that are affected are 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-1471 P-4516V-7.4.1 P-4516V-7.4.2 P-4516V-7.5.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936066.1 P-4516V-7.4.1 P-4516V-7.4.2 P-4516V-7.5.0 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (SnakeYAML)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-1471 P-9427V-4.1.0 P-9427V-4.1.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Healthcare Translational Research Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939153.1 P-9427V-4.1.0 P-9427V-4.1.1 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Core (SnakeYAML)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-1471 P-13940V-9.1.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle SD-WAN Edge Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938444.1 P-13940V-9.1.1.4.0 Security-in-Depth issue in Oracle SQL Developer (component: Installation (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-1471 P-1875V-Prior to 23.1.0 0.0 Oracle SQL Developer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-1875V-Prior to 23.1.0 Security-in-Depth issue in the Oracle SQLcl (SnakeYAML) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-1471 P-13824V-21c 0.0 Oracle SQLcl (SnakeYAML) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13824V-21c Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (PCRE2)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). Security patch has been released CVE-2022-1587 P-2025V-6.4.0.0.0 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Eclipse Jetty)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-2048 P-13701V-14.4-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Corporate Lending Process Management Oracle customers with valid support contracts https://support.oracle.com P-13701V-14.4-14.7 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-2048 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: E1 Dev Platform Tech - Cloud Manager (Node.js)). Supported versions that are affected are Prior to 9.2.7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools as well as unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2022-21824 P-4781V-Prior to 9.2.7.2 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4781V-Prior to 9.2.7.2 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-2274 P-4781V-Prior to 9.2.7.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4781V-Prior to 9.2.7.3 Vulnerability in the JD Edwards World Security product of Oracle JD Edwards (component: World Software Security (OpenSSL)). The supported version that is affected is A9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards World Security. Successful attacks of this vulnerability can result in takeover of JD Edwards World Security. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-2274 P-4839V-A9.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H JD Edwards World Security Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4839V-A9.4 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Third Party (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Data Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-22965 P-2196V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Data Integrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-2196V-12.2.1.4.0 Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (Spring Framework)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-22965 P-13339V-1.0.1.8 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Insurance Policy Administration Operational Data Store for Life and Annuity Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939209.1 P-13339V-1.0.1.8 Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in takeover of Oracle Managed File Transfer. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-22965 P-10198V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Managed File Transfer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-10198V-12.2.1.4.0 Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Framework)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22971 P-13701V-14.4-14.7 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Banking Corporate Lending Process Management Oracle customers with valid support contracts https://support.oracle.com P-13701V-14.4-14.7 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Spring Framework)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22971 P-13388V-18.0.0.12 P-13388V-19.0.0.6 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Retail Customer Management and Segmentation Foundation Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-13388V-18.0.0.12 P-13388V-19.0.0.6 Vulnerability in the Oracle Retail Fiscal Management product of Oracle Retail Applications (component: Security (Spring Framework)). The supported version that is affected is 14.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Fiscal Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Fiscal Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22971 P-9038V-14.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Retail Fiscal Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-9038V-14.2 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Spring Framework)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22971 P-11513V-17.0.6 P-11513V-18.0.5 P-11513V-19.0.4 P-11513V-20.0.3 P-11513V-21.0.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-11513V-17.0.6 P-11513V-18.0.5 P-11513V-19.0.4 P-11513V-20.0.3 P-11513V-21.0.2 Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Security)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-22978 P-13701V-14.4-14.7 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Banking Corporate Lending Process Management Oracle customers with valid support contracts https://support.oracle.com P-13701V-14.4-14.7 Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Cloud Function)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22979 P-13701V-14.4-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Corporate Lending Process Management Oracle customers with valid support contracts https://support.oracle.com P-13701V-14.4-14.7 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Tomcat)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Xstore Point of Service executes to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-23181 P-11513V-17.0.6 P-11513V-18.0.5 P-11513V-19.0.4 P-11513V-20.0.3 P-11513V-21.0.2 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-11513V-17.0.6 P-11513V-18.0.5 P-11513V-19.0.4 P-11513V-20.0.3 P-11513V-21.0.2 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (glibc)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-23219 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (H2 Database)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-23221 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Apache Log4j)). The supported version that is affected is 4.2.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Application Framework. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-23305 P-2245V-4.2.0.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Utilities Application Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936478.1 P-2245V-4.2.0.3.0 Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Xerces2 Java)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Application Testing Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-23437 P-4622V-13.3.0.1 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Application Testing Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923367.1 P-4622V-13.3.0.1 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Workbench (Apache Xerces2 Java)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-23437 P-9633V-11.3.2 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Commerce Guided Search Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939844.1 P-9633V-11.3.2 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Xerces2 Java)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-23437 P-5322V-2.7 P-5322V-2.7.1 P-5322V-2.8 P-5322V-2.9 P-5322V-2.9.1 P-5322V-3.0 P-5322V-3.1 P-5322V-3.2 P-5322V-4.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Financial Services Revenue Management and Billing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938972.1 P-5322V-2.7 P-5322V-2.7.1 P-5322V-2.8 P-5322V-2.9 P-5322V-2.9.1 P-5322V-3.0 P-5322V-3.1 P-5322V-3.2 P-5322V-4.0 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Xerces2 Java)). The supported version that is affected is 17.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-23437 P-11513V-17.0.6 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-11513V-17.0.6 Vulnerability in Oracle iLearning (component: Installation (Apache Xerces2 Java)). The supported version that is affected is 6.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle iLearning. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-23437 P-902V-6.3.1 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle iLearning Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939823.1 P-902V-6.3.1 Vulnerability in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (Enterprise Security API)). The supported version that is affected is Fusion Middleware: 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GoldenGate Studio. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate Studio. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-23457 P-10945V-Fusion Middleware: 12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle GoldenGate Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-10945V-Fusion Middleware: 12.2.1.4.0 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Certifi)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Automated Test Suite accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-23491 P-14488V-22.3.1 P-14488V-22.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Communications Cloud Native Core Automated Test Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938415.1 P-14488V-22.3.1 P-14488V-22.4.0 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench (CKEditor)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-24729 P-9633V-11.3.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Commerce Guided Search Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939844.1 P-9633V-11.3.2 Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Securities (NekoHTML)). Supported versions that are affected are 11.6, 11.7, 11.8, 11.10 and 11.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Core Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-24839 P-9101V-11.6 P-9101V-11.7 P-9101V-11.8 P-9101V-11.10 P-9101V-11.11 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle FLEXCUBE Core Banking Oracle customers with valid support contracts https://support.oracle.com P-9101V-11.6 P-9101V-11.7 P-9101V-11.8 P-9101V-11.10 P-9101V-11.11 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (LibExpat)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-25315 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (LibExpat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via XMPP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-25315 P-10899V-8.6.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938440.1 P-10899V-8.6.0.0 Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Google Gson)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-13676V-18.2 P-13676V-18.3 P-13676V-19.1 P-13676V-19.2 P-13676V-21.1 P-13676V-22.1 P-13676V-22.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking APIs Oracle customers with valid support contracts https://support.oracle.com P-13676V-18.2 P-13676V-18.3 P-13676V-19.1 P-13676V-19.2 P-13676V-21.1 P-13676V-22.1 P-13676V-22.2 Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core (Google Gson)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-12989V-14.0-14.3 P-12989V-14.5-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Corporate Lending Oracle customers with valid support contracts https://support.oracle.com P-12989V-14.0-14.3 P-12989V-14.5-14.7 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Google Gson)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Digital Experience Oracle customers with valid support contracts https://support.oracle.com P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Infrastructure (Google Gson)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-13011V-14.5 P-13011V-14.6 P-13011V-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Payments Oracle customers with valid support contracts https://support.oracle.com P-13011V-14.5 P-13011V-14.6 P-13011V-14.7 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (Google Gson)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-14134V-14.5 P-14134V-14.6 P-14134V-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Trade Finance Oracle customers with valid support contracts https://support.oracle.com P-14134V-14.5 P-14134V-14.6 P-14134V-14.7 Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infra Code (Google Gson)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Treasury Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-14133V-14.5 P-14133V-14.6 P-14133V-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Treasury Management Oracle customers with valid support contracts https://support.oracle.com P-14133V-14.5 P-14133V-14.6 P-14133V-14.7 Vulnerability in Oracle Blockchain Platform (component: BCS Console (Google Gson)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-13444V-Prior to 21.1.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Google Gson)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-9052V-14.0-14.3 P-9052V-14.5-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle FLEXCUBE Universal Banking Oracle customers with valid support contracts https://support.oracle.com P-9052V-14.0-14.3 P-9052V-14.5-14.7 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (jruby)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Orchestrator. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25857 P-11681V-Prior to 9.2.7.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H JD Edwards EnterpriseOne Orchestrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-11681V-Prior to 9.2.7.3 Security-in-Depth issue in Oracle SQL Developer (component: General Infrastructure (Apache POI)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-26336 P-1875V-Prior to 23.1.0 0.0 Oracle SQL Developer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-1875V-Prior to 23.1.0 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (FreeType)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-27404 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (FreeType)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-27404 P-5477V-12.6.0.0.0 P-5477V-12.6.2.0.0-12.6.4.0.0 P-5477V-12.7.0.0.0 P-5477V-12.7.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Documaker Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939209.1 P-5477V-12.6.0.0.0 P-5477V-12.6.2.0.0-12.6.4.0.0 P-5477V-12.7.0.0.0 P-5477V-12.7.1.0.0 Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Installation (FreeType)). The supported version that is affected is 11.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Hyperion Financial Reporting. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-27404 P-8776V-11.2.12 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Hyperion Financial Reporting Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2775466.2 P-8776V-11.2.12 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Document Viewing using Outside In technology (FreeType)). Supported versions that are affected are 18.8.0-18.8.26, 19.12.0-19.12.21, 20.12.0-20.12.18, 21.12.0-21.12.12 and 22.12.0-22.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in takeover of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-27404 P-5579V-18.8.0-18.8.26 P-5579V-19.12.0-19.12.21 P-5579V-20.12.0-20.12.18 P-5579V-21.12.0-21.12.12 P-5579V-22.12.0-22.12.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Primavera P6 Enterprise Project Portfolio Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936154.1 P-5579V-18.8.0-18.8.26 P-5579V-19.12.0-19.12.21 P-5579V-20.12.0-20.12.18 P-5579V-21.12.0-21.12.12 P-5579V-22.12.0-22.12.3 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (FreeType)). Supported versions that are affected are 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14 and 22.12.0-22.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-27404 P-10354V-18.8.0-18.8.18 P-10354V-19.12.0-19.12.16 P-10354V-20.12.0-20.12.16 P-10354V-21.12.0-21.12.14 P-10354V-22.12.0-22.12.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Primavera Unifier Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936154.1 P-10354V-18.8.0-18.8.18 P-10354V-19.12.0-19.12.16 P-10354V-20.12.0-20.12.16 P-10354V-21.12.0-21.12.14 P-10354V-22.12.0-22.12.3 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (cURL)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-27782 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Third Party (Dpdk)). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP/IP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2022-28199 P-10750V-9.0 P-10750V-9.1 8.6 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Oracle Communications Session Border Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938613.1 P-10750V-9.0 P-10750V-9.1 Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-28327 P-13444V-Prior to 21.1.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: E1 Dev Platform Tech - Cloud Manager (Ruby)). Supported versions that are affected are Prior to 9.2.7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-28738 P-4781V-Prior to 9.2.7.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4781V-Prior to 9.2.7.2 Security-in-Depth issue in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (Embedded JavaScript Templates)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-29078 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 0.0 Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936013.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Vulnerability in the Oracle Financial Services Regulatory Reporting with AgileREPORTER product of Oracle Financial Services Applications (component: Application (AntiSamy)). The supported version that is affected is 8.1.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting with AgileREPORTER. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Regulatory Reporting with AgileREPORTER, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Regulatory Reporting with AgileREPORTER accessible data as well as unauthorized read access to a subset of Oracle Financial Services Regulatory Reporting with AgileREPORTER accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-29577 P-13077V-8.1.1.2.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Regulatory Reporting with AgileREPORTER Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940025.1 P-13077V-8.1.1.2.0 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Maven)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-29599 P-4647V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-4647V-12.2.1.4.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (HTTP::Daemon)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2022-31081 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936013.1 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (Grafana)). Supported versions that are affected are 12.0.4-12.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Convergent Charging Controller executes to compromise Oracle Communications Convergent Charging Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31123 P-12985V-12.0.4-12.0.6 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Communications Convergent Charging Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936023.1 P-12985V-12.0.4-12.0.6 Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (Grafana)). Supported versions that are affected are 12.0.4-12.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Network Charging and Control executes to compromise Oracle Communications Network Charging and Control. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31123 P-4623V-12.0.4-12.0.6 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Communications Network Charging and Control Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936023.1 P-4623V-12.0.4-12.0.6 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (Grafana)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Policy Management executes to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31123 P-10900V-12.6.0.0.0 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Communications Policy Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938443.1 P-10900V-12.6.0.0.0 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Moment.js)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-31129 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Communications Services Gatekeeper product of Oracle Communications (component: Third Party (Moment.js)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Services Gatekeeper. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-31129 P-5381V-7.0.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Services Gatekeeper Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938446.1 P-5381V-7.0.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin (jQueryUI)). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-31160 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: Server (jQueryUI)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data as well as unauthorized read access to a subset of MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-31160 P-8480V-8.0.33 and prior 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N MySQL Enterprise Monitor Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8480V-8.0.33 and prior Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console (jQueryUI)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 3.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-31160 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 3.9 AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (PHP)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H). Security patch has been released CVE-2022-31630 P-10899V-8.6.0.0 7.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938440.1 P-10899V-8.6.0.0 Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications (component: Management (PHP)). The supported version that is affected is 9.0.1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle SD-WAN Aware executes to compromise Oracle SD-WAN Aware. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SD-WAN Aware accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Aware. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H). Security patch has been released CVE-2022-31630 P-13941V-9.0.1.6.0 7.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Oracle SD-WAN Aware Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938423.1 P-13941V-9.0.1.6.0 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Authentication (Spring Security)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31692 P-11052V-9.0.0 P-11052V-9.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Element Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938441.1 P-11052V-9.0.0 P-11052V-9.0.1 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Authentication (Spring Security)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31692 P-10770V-9.0.0 P-10770V-9.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Session Report Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938447.1 P-10770V-9.0.0 P-10770V-9.0.1 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (Spring Security)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31692 P-13940V-9.1.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle SD-WAN Edge Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938444.1 P-13940V-9.1.1.4.0 Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core (Google Protobuf-Java)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-12989V-14.0-14.3 P-12989V-14.5-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Corporate Lending Oracle customers with valid support contracts https://support.oracle.com P-12989V-14.0-14.3 P-12989V-14.5-14.7 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Infrastructure (Google Protobuf-Java)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-13011V-14.5 P-13011V-14.6 P-13011V-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Payments Oracle customers with valid support contracts https://support.oracle.com P-13011V-14.5 P-13011V-14.6 P-13011V-14.7 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (Google Protobuf-Java)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-14134V-14.5 P-14134V-14.6 P-14134V-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Trade Finance Oracle customers with valid support contracts https://support.oracle.com P-14134V-14.5 P-14134V-14.6 P-14134V-14.7 Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infra Code (Google Protobuf-Java)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Treasury Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-14133V-14.5 P-14133V-14.6 P-14133V-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Treasury Management Oracle customers with valid support contracts https://support.oracle.com P-14133V-14.5 P-14133V-14.6 P-14133V-14.7 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Google Protobuf-Java)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-3171 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (Google Protobuf-Java)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-10900V-12.6.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Policy Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938443.1 P-10900V-12.6.0.0.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Google Protobuf-Java)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936013.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Google Protobuf-Java)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-9052V-14.0-14.3 P-9052V-14.5-14.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle FLEXCUBE Universal Banking Oracle customers with valid support contracts https://support.oracle.com P-9052V-14.0-14.3 P-9052V-14.5-14.7 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (Google Protobuf-Java)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-9427V-4.1.0 P-9427V-4.1.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Healthcare Translational Research Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939153.1 P-9427V-4.1.0 P-9427V-4.1.1 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Google Protobuf-Java)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-13388V-18.0.0.12 P-13388V-19.0.0.6 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Retail Customer Management and Segmentation Foundation Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-13388V-18.0.0.12 P-13388V-19.0.0.6 Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Blockchain Platform accessible data as well as unauthorized read access to a subset of Oracle Blockchain Platform accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2022-32215 P-13444V-Prior to 21.1.3 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Lifecycle (Node.js)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2022-32215 P-2025V-6.4.0.0.0 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Commons Configuration)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-33980 P-4647V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-4647V-12.2.1.4.0 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons Configuration)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-33980 P-11513V-18.0.5 P-11513V-19.0.4 P-11513V-20.0.3 P-11513V-21.0.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-11513V-18.0.5 P-11513V-19.0.4 P-11513V-20.0.3 P-11513V-21.0.2 Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Commons Configuration)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-33980 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0 P-2241V-2.5.0.1 P-2241V-2.5.0.2 0.0 Oracle Utilities Network Management System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936478.1 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0 P-2241V-2.5.0.1 P-2241V-2.5.0.2 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: JAXP (Apache Xalan-J)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition and unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H). Security patch has been released CVE-2022-34169 P-2025V-12.2.1.4.0 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-12.2.1.4.0 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Xalan-Java)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-34169 P-5322V-2.7 P-5322V-2.7.1 P-5322V-2.8 P-5322V-2.9 P-5322V-2.9.1 P-5322V-3.0 P-5322V-3.1 P-5322V-3.2 P-5322V-4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Financial Services Revenue Management and Billing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938972.1 P-5322V-2.7 P-5322V-2.7.1 P-5322V-2.8 P-5322V-2.9 P-5322V-2.9.1 P-5322V-3.0 P-5322V-3.1 P-5322V-3.2 P-5322V-4.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker (Apache Xalan-Java)). The supported version that is affected is 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-34169 P-5085V-8.58 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939793.1 P-5085V-8.58 Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Managed File Transfer, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Managed File Transfer accessible data as well as unauthorized read access to a subset of Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-34305 P-10198V-12.2.1.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Managed File Transfer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-10198V-12.2.1.4.0 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (NSS)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3479 P-9427V-4.1.0 P-9427V-4.1.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Healthcare Translational Research Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939153.1 P-9427V-4.1.0 P-9427V-4.1.1 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Apache Kafka)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-34917 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (SQLite)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-35737 P-14277V-22.4.0-22.4.4 P-14277V-23.1.0-23.1.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938436.1 P-14277V-22.4.0-22.4.4 P-14277V-23.1.0-23.1.1 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (jsoup)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Digital Experience, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Digital Experience accessible data as well as unauthorized read access to a subset of Oracle Banking Digital Experience accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-36033 P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Banking Digital Experience Oracle customers with valid support contracts https://support.oracle.com P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (jsoup)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-36033 P-14134V-14.5 P-14134V-14.6 P-14134V-14.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Banking Trade Finance Oracle customers with valid support contracts https://support.oracle.com P-14134V-14.5 P-14134V-14.6 P-14134V-14.7 Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infrastructure (jsoup)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Treasury Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Treasury Management accessible data as well as unauthorized read access to a subset of Oracle Banking Treasury Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-36033 P-14133V-14.5 P-14133V-14.6 P-14133V-14.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Banking Treasury Management Oracle customers with valid support contracts https://support.oracle.com P-14133V-14.5 P-14133V-14.6 P-14133V-14.7 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Process Management Suite, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-36033 P-5325V-12.2.1.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Business Process Management Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5325V-12.2.1.4.0 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (jsoup)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-36033 P-9052V-14.0-14.3 P-9052V-14.5-14.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle FLEXCUBE Universal Banking Oracle customers with valid support contracts https://support.oracle.com P-9052V-14.0-14.3 P-9052V-14.5-14.7 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Middleware Common Libraries and Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data as well as unauthorized read access to a subset of Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-36033 P-4647V-12.2.1.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-4647V-12.2.1.4.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (jsoup)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-36033 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939793.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (jsoup)). Supported versions that are affected are 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14 and 22.12.0-22.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-36033 P-10354V-18.8.0-18.8.18 P-10354V-19.12.0-19.12.16 P-10354V-20.12.0-20.12.16 P-10354V-21.12.0-21.12.14 P-10354V-22.12.0-22.12.3 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Primavera Unifier Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936154.1 P-10354V-18.8.0-18.8.18 P-10354V-19.12.0-19.12.16 P-10354V-20.12.0-20.12.16 P-10354V-21.12.0-21.12.14 P-10354V-22.12.0-22.12.3 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (jsoup)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-36033 P-13388V-18.0.0.12 P-13388V-19.0.0.6 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Retail Customer Management and Segmentation Foundation Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-13388V-18.0.0.12 P-13388V-19.0.0.6 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-36033 P-1696V-12.2.1.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle WebCenter Portal Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-1696V-12.2.1.4.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache HTTP Server)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. While the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2022-36760 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 9.0 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936013.1 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (zlib)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-2025V-6.4.0.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Communications Core Session Manager product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 8.45 and 9.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Core Session Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Core Session Manager as well as unauthorized update, insert or delete access to some of Oracle Communications Core Session Manager accessible data and unauthorized read access to a subset of Oracle Communications Core Session Manager accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2022-37434 P-10754V-8.45 P-10754V-9.15 7.0 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Oracle Communications Core Session Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938621.1 P-10754V-8.45 P-10754V-9.15 Security-in-Depth issue in the Oracle Communications IP Service Activator product of Oracle Communications Applications (component: Other (zlib)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-37434 P-2261V-7.4.0 P-2261V-7.5.0 0.0 Oracle Communications IP Service Activator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936021.1 P-2261V-7.4.0 P-2261V-7.5.0 Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (glibc)). The supported version that is affected is 5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP/IP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-10761V-5.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Operations Monitor Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938442.1 P-10761V-5.0 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (zlib)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-10900V-12.6.0.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Policy Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938443.1 P-10900V-12.6.0.0.0 Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2022-37434 P-10750V-9.0 P-10750V-9.1 7.0 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Oracle Communications Session Border Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938613.1 P-10750V-9.0 P-10750V-9.1 Vulnerability in the Oracle Communications Session Router product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Router as well as unauthorized update, insert or delete access to some of Oracle Communications Session Router accessible data and unauthorized read access to a subset of Oracle Communications Session Router accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2022-37434 P-10752V-9.0 P-10752V-9.1 7.0 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Oracle Communications Session Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938613.1 P-10752V-9.0 P-10752V-9.1 Vulnerability in the Oracle Communications Subscriber-Aware Load Balancer product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Subscriber-Aware Load Balancer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Subscriber-Aware Load Balancer as well as unauthorized update, insert or delete access to some of Oracle Communications Subscriber-Aware Load Balancer accessible data and unauthorized read access to a subset of Oracle Communications Subscriber-Aware Load Balancer accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2022-37434 P-10766V-9.0 P-10766V-9.1 7.0 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Oracle Communications Subscriber-Aware Load Balancer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938613.1 P-10766V-9.0 P-10766V-9.1 Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 3.3 and 4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Communications Broker as well as unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data and unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2022-37434 P-10758V-3.3 P-10758V-4.0 7.0 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Oracle Enterprise Communications Broker Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938617.1 P-10758V-3.3 P-10758V-4.0 Vulnerability in the Oracle Enterprise Session Router product of Oracle Communications (component: Routing (zlib)). The supported version that is affected is 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Session Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Session Router as well as unauthorized update, insert or delete access to some of Oracle Enterprise Session Router accessible data and unauthorized read access to a subset of Oracle Enterprise Session Router accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2022-37434 P-14615V-9.1 7.0 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Oracle Enterprise Session Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938613.1 P-14615V-9.1 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (zlib)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-1042V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle HTTP Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-1042V-12.2.1.4.0 Security-in-Depth issue in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (zlib)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-37434 P-8479V-7.5.29 and prior P-8479V-7.6.25 and prior P-8479V-8.0.31 and prior 0.0 MySQL Cluster Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8479V-7.5.29 and prior P-8479V-7.6.25 and prior P-8479V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB (zlib)). Supported versions that are affected are 5.7.41 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-8478V-5.7.41 and prior P-8478V-8.0.31 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-5.7.41 and prior P-8478V-8.0.31 and prior Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Server (zlib)). Supported versions that are affected are 15.0.3 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Retail Predictive Application Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-1823V-15.0.3 P-1823V-16.0.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Retail Predictive Application Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-1823V-15.0.3 P-1823V-16.0.3 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Apache Ivy)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Automated Test Suite accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). Security patch has been released CVE-2022-37865 P-14488V-22.3.1 P-14488V-22.4.0 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Oracle Communications Cloud Native Core Automated Test Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938415.1 P-14488V-22.3.1 P-14488V-22.4.0 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-38752 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (SnakeYAML)). Supported versions that are affected are 22.3.0 and 22.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-38752 P-14117V-22.3.0 P-14117V-22.4.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Service Communication Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2942394.1 P-14117V-22.3.0 P-14117V-22.4.0 Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Application (SnakeYAML)). Supported versions that are affected are 8.1.0.0 and 8.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-38752 P-14276V-8.1.0.0 P-14276V-8.1.2.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Model Management and Governance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939794.1 P-14276V-8.1.0.0 P-14276V-8.1.2.0 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (SnakeYAML)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-38752 P-13940V-9.1.1.4.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle SD-WAN Edge Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938444.1 P-13940V-9.1.1.4.0 Security-in-Depth issue in Oracle Essbase (component: Build (Apache Calcite)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-39135 P-4379V-21.4 0.0 Oracle Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-4379V-21.4 Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Traefik)). The supported version that is affected is 7.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-39271 P-2270V-7.4.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Order and Service Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936012.1 P-2270V-7.4.1 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Batik)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-40146 P-5322V-2.7 P-5322V-2.7.1 P-5322V-2.8 P-5322V-2.9 P-5322V-2.9.1 P-5322V-3.0 P-5322V-3.1 P-5322V-3.2 P-5322V-4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Financial Services Revenue Management and Billing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938972.1 P-5322V-2.7 P-5322V-2.7.1 P-5322V-2.8 P-5322V-2.9 P-5322V-2.9.1 P-5322V-3.0 P-5322V-3.1 P-5322V-3.2 P-5322V-4.0 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Build Scripts (Jettison)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Access Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-40149 P-5565V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Access Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5565V-12.2.1.4.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (XStream)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-40151 P-14121V-22.4.0-22.4.4 P-14121V-23.1.0-23.1.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938417.1 P-14121V-22.4.0-22.4.4 P-14121V-23.1.0-23.1.1 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (XStream)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-40151 P-1696V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebCenter Portal Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-1696V-12.2.1.4.0 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Apache CXF)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-40152 P-9633V-11.3.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Commerce Guided Search Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939844.1 P-9633V-11.3.2 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (XStream)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-40152 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (libxml2)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-40304 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (libxml2)). Supported versions that are affected are 22.4.0-22.4.4, 23.1.0 and 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-40304 P-14121V-22.4.0-22.4.4 P-14121V-23.1.0 P-14121V-23.1.1 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938417.1 P-14121V-22.4.0-22.4.4 P-14121V-23.1.0 P-14121V-23.1.1 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (libxml2)). The supported version that is affected is 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-40304 P-14125V-22.4.0 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Network Function Cloud Native Environment Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938434.1 P-14125V-22.4.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (libxml2)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle HTTP Server executes to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-40304 P-1042V-12.2.1.4.0 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle HTTP Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-1042V-12.2.1.4.0 Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: Oracle TimesTen In-Memory Database (Go)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-41715 P-1870V-Prior to 22.1.1.7.0 0.0 Oracle TimesTen In-Memory Database Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-1870V-Prior to 22.1.1.7.0 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Netty)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41881 P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Digital Experience Oracle customers with valid support contracts https://support.oracle.com P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Netty)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-41881 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core (Netty)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41881 P-2545V-12.2.1.4.0 P-2545V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Coherence Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-2545V-12.2.1.4.0 P-2545V-14.1.1.0.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Netty)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41881 P-14121V-22.4.0-22.4.4 P-14121V-23.1.0-23.1.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938417.1 P-14121V-22.4.0-22.4.4 P-14121V-23.1.0-23.1.1 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Netty)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41881 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939793.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Netty)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41881 P-1696V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebCenter Portal Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-1696V-12.2.1.4.0 Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Security (XStream)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SOA Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41966 P-1675V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle SOA Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-1675V-12.2.1.4.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (XStream)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41966 P-14121V-22.4.0-22.4.4 P-14121V-23.1.0-23.1.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938417.1 P-14121V-22.4.0-22.4.4 P-14121V-23.1.0-23.1.1 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (XStream)). Supported versions that are affected are 22.4.0 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41966 P-14250V-22.4.0 P-14250V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938418.1 P-14250V-22.4.0 P-14250V-22.3.0 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (XStream)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41966 P-10900V-12.6.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Policy Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938443.1 P-10900V-12.6.0.0.0 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security Component (XStream)). Supported versions that are affected are 7.4.0, 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41966 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 P-4516V-7.5.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936066.1 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 P-4516V-7.5.0 Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (XStream)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Ops Center. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41966 P-9835V-12.4.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Enterprise Manager Ops Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923367.1 P-9835V-12.4.0.0 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (XStream)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41966 P-11513V-17.0.6 P-11513V-18.0.5 P-11513V-19.0.4 P-11513V-20.0.3 P-11513V-21.0.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-11513V-17.0.6 P-11513V-18.0.5 P-11513V-19.0.4 P-11513V-20.0.3 P-11513V-21.0.2 Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (XStream)). Supported versions that are affected are 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0 and 4.5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41966 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0-4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 P-2245V-4.4.0.3.0 P-2245V-4.5.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Utilities Application Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936478.1 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0-4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 P-2245V-4.4.0.3.0 P-2245V-4.5.0.0.0 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (jackson-databind)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-4461V-9.3.6 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Agile PLM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939856.1 P-4461V-9.3.6 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (jackson-databind)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Digital Experience Oracle customers with valid support contracts https://support.oracle.com P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (jackson-databind)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-2025V-6.4.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-5325V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Business Process Management Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5325V-12.2.1.4.0 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core (jackson-databind)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-2545V-12.2.1.4.0 P-2545V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Coherence Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-2545V-12.2.1.4.0 P-2545V-14.1.1.0.0 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Workbench (jackson-databind)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-9633V-11.3.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Commerce Guided Search Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939844.1 P-9633V-11.3.2 Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (jackson-databind)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-14117V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Service Communication Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2942394.1 P-14117V-22.3.0 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (jackson-databind)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-11052V-9.0.0 P-11052V-9.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Element Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938441.1 P-11052V-9.0.0 P-11052V-9.0.1 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (jackson-databind)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-10900V-12.6.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Policy Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938443.1 P-10900V-12.6.0.0.0 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (jackson-databind)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-10770V-9.0.0 P-10770V-9.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Session Report Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938447.1 P-10770V-9.0.0 P-10770V-9.0.1 Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (jackson-databind)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-5477V-12.6.0.0.0 P-5477V-12.6.2.0.0-12.6.4.0.0 P-5477V-12.7.0.0.0 P-5477V-12.7.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Documaker Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939209.1 P-5477V-12.6.0.0.0 P-5477V-12.6.2.0.0-12.6.4.0.0 P-5477V-12.7.0.0.0 P-5477V-12.7.1.0.0 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (jackson-databind)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-5680V-8.0.7.0 P-5680V-8.0.8.0 P-5680V-8.0.9.0 P-5680V-8.1.0.0 P-5680V-8.1.1.0 P-5680V-8.1.2.0 P-5680V-8.1.2.1 P-5680V-8.1.2.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Analytical Applications Infrastructure Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939767.1 P-5680V-8.0.7.0 P-5680V-8.0.8.0 P-5680V-8.0.9.0 P-5680V-8.1.0.0 P-5680V-8.1.1.0 P-5680V-8.1.2.0 P-5680V-8.1.2.1 P-5680V-8.1.2.2 Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application (jackson-databind)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-9190V-8.0.8.1 P-9190V-8.1.1.1 P-9190V-8.1.2.3 P-9190V-8.1.2.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Behavior Detection Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936356.1 P-9190V-8.0.8.1 P-9190V-8.1.1.1 P-9190V-8.1.2.3 P-9190V-8.1.2.4 Vulnerability in the Oracle Financial Services Enterprise Case Management product of Oracle Financial Services Applications (component: Application (jackson-databind)). Supported versions that are affected are 8.1.2.4, 8.1.2.3, 8.1.1.1 and 8.0.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Enterprise Case Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Enterprise Case Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-13545V-8.1.2.4 P-13545V-8.1.2.3 P-13545V-8.1.1.1 P-13545V-8.0.8.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Enterprise Case Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936337.1 P-13545V-8.1.2.4 P-13545V-8.1.2.3 P-13545V-8.1.1.1 P-13545V-8.0.8.2 Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate (jackson-databind)). Supported versions that are affected are Prior to 19.1.0.0.230418 and Prior to 21.10.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-5757V-Prior to 19.1.0.0.230418 P-5757V-Prior to 21.10.0.0.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle GoldenGate Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-5757V-Prior to 19.1.0.0.230418 P-5757V-Prior to 21.10.0.0.0 Vulnerability in Oracle Graph Server and Client (component: Packaging (jackson-databind)). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Graph Server and Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Graph Server and Client. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-14069V-Prior to 23.1.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Graph Server and Client Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-14069V-Prior to 23.1.0 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: User Interface (jackson-databind)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-9427V-4.1.0 P-9427V-4.1.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Healthcare Translational Research Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939153.1 P-9427V-4.1.0 P-9427V-4.1.1 Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Installer (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-1980V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Identity Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-1980V-12.2.1.4.0 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (jackson-databind)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-4781V-Prior to 9.2.7.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4781V-Prior to 9.2.7.3 Vulnerability in Oracle NoSQL Database (component: Administration (jackson-databind)). Supported versions that are affected are Prior to 19.5.32. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle NoSQL Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle NoSQL Database. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-13373V-Prior to 19.5.32 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle NoSQL Database Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13373V-Prior to 19.5.32 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (jackson-databind)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-13388V-18.0.0.12 P-13388V-19.0.0.6 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Retail Customer Management and Segmentation Foundation Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-13388V-18.0.0.12 P-13388V-19.0.0.6 Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (jackson-databind)). The supported version that is affected is 15.0.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Merchandising System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-1816V-15.0.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Retail Merchandising System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-1816V-15.0.3.1 Vulnerability in the Oracle Retail Sales Audit product of Oracle Retail Applications (component: others (jackson-databind)). The supported version that is affected is 15.0.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Sales Audit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Sales Audit. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-1834V-15.0.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Retail Sales Audit Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-1834V-15.0.3.1 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (jackson-databind)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-11513V-17.0.6 P-11513V-18.0.5 P-11513V-19.0.4 P-11513V-20.0.3 P-11513V-21.0.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-11513V-17.0.6 P-11513V-18.0.5 P-11513V-19.0.4 P-11513V-20.0.3 P-11513V-21.0.2 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (jackson-databind)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-13940V-9.1.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle SD-WAN Edge Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938444.1 P-13940V-9.1.1.4.0 Vulnerability in Oracle SQL Developer (component: Infrastructure (jackson-databind)). Supported versions that are affected are Prior to 23.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SQL Developer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SQL Developer. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-1875V-Prior to 23.1.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle SQL Developer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-1875V-Prior to 23.1.0 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (jackson-databind)). Supported versions that are affected are 23.2 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-9011V-23.2 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Siebel CRM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939854.1 P-9011V-23.2 and prior Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-1696V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebCenter Portal Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-1696V-12.2.1.4.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Kafka)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42004 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936013.1 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Application (Apache Tomcat)). Supported versions that are affected are 8.1.0.0 and 8.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Model Management and Governance accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-42252 P-14276V-8.1.0.0 P-14276V-8.1.2.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Financial Services Model Management and Governance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939794.1 P-14276V-8.1.0.0 P-14276V-8.1.2.0 Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Tomcat)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Management Cloud Engine accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-42252 P-14252V-22.1.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Management Cloud Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2942213.1 P-14252V-22.1.0.0.0 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Services (Apache Tomcat)). Supported versions that are affected are 23.2 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-42252 P-9001V-23.2 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Siebel CRM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939854.1 P-9001V-23.2 and prior Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Apache Commons Text)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-42889 P-13444V-Prior to 21.1.3 0.0 Oracle Blockchain Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13444V-Prior to 21.1.3 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Application Archive (Apache Commons Text)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-2025V-6.4.0.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Application (Apache Commons Text)). The supported version that is affected is 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Compliance Studio. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-14392V-8.1.2.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Financial Services Compliance Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936394.1 P-14392V-8.1.2.4 Security-in-Depth issue in Oracle Graph Server and Client (component: PGX Java Client (Apache Commons Text)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-42889 P-14069V-Prior to 23.1.0 0.0 Oracle Graph Server and Client Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-14069V-Prior to 23.1.0 Vulnerability in the Oracle Healthcare Foundation product of Oracle HealthCare Applications (component: Self Service Analytics (Apache Commons Text)). Supported versions that are affected are 8.1.0, 8.1.1, 8.2.0, 8.2.1 and 8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Foundation. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-12950V-8.1.0 P-12950V-8.1.1 P-12950V-8.2.0 P-12950V-8.2.1 P-12950V-8.2.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Healthcare Foundation Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939153.1 P-12950V-8.1.0 P-12950V-8.1.1 P-12950V-8.2.0 P-12950V-8.2.1 P-12950V-8.2.2 Vulnerability in the Oracle Healthcare Master Person Index product of Oracle HealthCare Applications (component: Self Service Analytics (Apache Commons Text)). Supported versions that are affected are 5.0.0-5.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Master Person Index. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Master Person Index. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-8575V-5.0.0-5.0.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Healthcare Master Person Index Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939153.1 P-8575V-5.0.0-5.0.4 Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Security (Apache Commons Text)). Supported versions that are affected are 16.0.2 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in takeover of Oracle Retail Merchandising System. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-1816V-16.0.2 P-1816V-16.0.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Retail Merchandising System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-1816V-16.0.2 P-1816V-16.0.3 Vulnerability in the Oracle Retail Xstore Office Cloud Service product of Oracle Retail Applications (component: DB, Perf, etc (Apache Commons Text)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office Cloud Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Office Cloud Service. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-13551V-18.0.5 P-13551V-19.0.4 P-13551V-20.0.3 P-13551V-21.0.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Retail Xstore Office Cloud Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-13551V-18.0.5 P-13551V-19.0.4 P-13551V-20.0.3 P-13551V-21.0.2 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Apache Commons Text)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-11513(Point of Sale)V-18.0.5 P-11513(Point of Sale)V-19.0.4 P-11513(Point of Sale)V-20.0.3 P-11513(Point of Sale)V-21.0.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-11513(Point of Sale)V-18.0.5 P-11513(Point of Sale)V-19.0.4 P-11513(Point of Sale)V-20.0.3 P-11513(Point of Sale)V-21.0.2 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons Text)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-11513(Xenvironment)V-18.0.5 P-11513(Xenvironment)V-19.0.4 P-11513(Xenvironment)V-20.0.3 P-11513(Xenvironment)V-21.0.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-11513(Xenvironment)V-18.0.5 P-11513(Xenvironment)V-19.0.4 P-11513(Xenvironment)V-20.0.3 P-11513(Xenvironment)V-21.0.2 Security-in-Depth issue in Oracle SQL Developer (component: Installation (Apache Commons Text)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-42889 P-1875V-Prior to 22.4.0 0.0 Oracle SQL Developer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-1875V-Prior to 22.4.0 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Batik)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Digital Experience accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-42890 P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Banking Digital Experience Oracle customers with valid support contracts https://support.oracle.com P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-42890 P-5325V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Business Process Management Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5325V-12.2.1.4.0 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Apache Batik)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-42890 P-5680V-8.0.7.0 P-5680V-8.0.8.0 P-5680V-8.0.9.0 P-5680V-8.1.0.0 P-5680V-8.1.1.0 P-5680V-8.1.2.0 P-5680V-8.1.2.1 P-5680V-8.1.2.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Financial Services Analytical Applications Infrastructure Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939767.1 P-5680V-8.0.7.0 P-5680V-8.0.8.0 P-5680V-8.0.9.0 P-5680V-8.1.0.0 P-5680V-8.1.1.0 P-5680V-8.1.2.0 P-5680V-8.1.2.1 P-5680V-8.1.2.2 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-42890 P-4647V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-4647V-12.2.1.4.0 Security-in-Depth issue in Oracle SQL Developer (component: General Infrastructure (Apache Batik)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-42890 P-1875V-Prior to 23.1.0 0.0 Oracle SQL Developer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-1875V-Prior to 23.1.0 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installation and Configuration (Kerberos)). Supported versions that are affected are 23.1.0 and 22.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42898 P-14123V-23.1.0 P-14123V-22.4.1 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Security Edge Protection Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938437.1 P-14123V-23.1.0 P-14123V-22.4.1 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (Kerberos)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42898 P-9427V-4.1.0 P-9427V-4.1.1 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Healthcare Translational Research Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939153.1 P-9427V-4.1.0 P-9427V-4.1.1 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core (cURL)). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-42916 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940494.1 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Jenkins Script Security)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. While the vulnerability is in Oracle Communications Cloud Native Core Automated Test Suite, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2022-43401 P-14488V-22.3.1 P-14488V-22.4.0 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Oracle Communications Cloud Native Core Automated Test Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938415.1 P-14488V-22.3.1 P-14488V-22.4.0 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Jenkins)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. While the vulnerability is in Oracle Communications Cloud Native Core Automated Test Suite, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2022-43402 P-14488V-22.3.1 P-14488V-22.4.0 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Oracle Communications Cloud Native Core Automated Test Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938415.1 P-14488V-22.3.1 P-14488V-22.4.0 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module (Node.js)). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-43548 P-8479V-8.0.32 and prior 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MySQL Cluster Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8479V-8.0.32 and prior Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (cURL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-43551 P-1042V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle HTTP Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-1042V-12.2.1.4.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (cURL)). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-43551 P-8478V-5.7.41 and prior P-8478V-8.0.32 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-5.7.41 and prior P-8478V-8.0.32 and prior Vulnerability in the Oracle Financial Services Currency Transaction Reporting product of Oracle Financial Services Applications (component: Application (LibExpat)). Supported versions that are affected are 8.0.8.1.0, 8.1.1.1.0, 8.1.2.3.0 and 8.1.2.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Currency Transaction Reporting. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Currency Transaction Reporting. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-43680 P-9784V-8.0.8.1.0 P-9784V-8.1.1.1.0 P-9784V-8.1.2.3.0 P-9784V-8.1.2.4.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Currency Transaction Reporting Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936356.1 P-9784V-8.0.8.1.0 P-9784V-8.1.1.1.0 P-9784V-8.1.2.3.0 P-9784V-8.1.2.4.1 Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Third Party (LibExpat)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-43680 P-9190V-8.0.8.1 P-9190V-8.1.1.1 P-9190V-8.1.2.3 P-9190V-8.1.2.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Behavior Detection Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936356.1 P-9190V-8.0.8.1 P-9190V-8.1.1.1 P-9190V-8.1.2.3 P-9190V-8.1.2.4 Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Application (LibExpat)). The supported version that is affected is 8.0.8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-43680 P-13789V-8.0.8.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936336.1 P-13789V-8.0.8.0.0 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (systemd)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-4415 P-14277V-22.4.0-22.4.4 P-14277V-23.1.0-23.1.1 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938436.1 P-14277V-22.4.0-22.4.4 P-14277V-23.1.0-23.1.1 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (Apache Mina SSHD)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in takeover of Oracle Business Process Management Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-5325V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Business Process Management Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5325V-12.2.1.4.0 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Apache Mina SSHD)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-14488V-22.3.1 P-14488V-22.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Automated Test Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938415.1 P-14488V-22.3.1 P-14488V-22.4.0 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Mina SSHD)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-11052V-9.0.0 P-11052V-9.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Element Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938441.1 P-11052V-9.0.0 P-11052V-9.0.1 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Mina SSHD)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-10770V-9.0.0 P-10770V-9.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Session Report Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938447.1 P-10770V-9.0.0 P-10770V-9.0.1 Security-in-Depth issue in Oracle GoldenGate (component: Oracle GoldenGate (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-45047 P-5757V-Prior to 19.1.0.0.230418 P-5757V-Prior to 21.10.0.0.0 0.0 Oracle GoldenGate Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-5757V-Prior to 19.1.0.0.230418 P-5757V-Prior to 21.10.0.0.0 Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Mina SSHD)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in takeover of Management Cloud Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-14252V-22.1.0.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Management Cloud Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2942213.1 P-14252V-22.1.0.0.0 Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-45047 P-13373V-Prior to 19.5.32 0.0 Oracle NoSQL Database Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-13373V-Prior to 19.5.32 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Webserver (Apache Mina SSHD)). The supported version that is affected is 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-5085V-8.60 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939793.1 P-5085V-8.60 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Apache Mina SSHD)). The supported version that is affected is 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-13388V-19.0.0.6 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Retail Customer Management and Segmentation Foundation Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2934131.1 P-13388V-19.0.0.6 Security-in-Depth issue in Oracle SQL Developer (component: Installation (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-45047 P-1875V-Prior to 22.4.0 0.0 Oracle SQL Developer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-1875V-Prior to 22.4.0 Vulnerability in the Oracle Database OML4PY (Python) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Database OML4PY (Python). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database OML4PY (Python). CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2022-45061 P-5(Oracle Database OML4PY)V-21c 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Oracle Database OML4PY (Python) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-5(Oracle Database OML4PY)V-21c Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-45143 P-4461V-9.3.6 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Agile PLM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939856.1 P-4461V-9.3.6 Security-in-Depth issue in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-45143 P-11528V-Prior to 23.1 0.0 Oracle Big Data Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-11528V-Prior to 23.1 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Workbench (Apache Tomcat)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-45143 P-9633V-11.3.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Commerce Guided Search Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939844.1 P-9633V-11.3.2 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Apache Tomcat)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-45143 P-14121V-22.4.0-22.4.4 P-14121V-23.1.0-23.1.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938417.1 P-14121V-22.4.0-22.4.4 P-14121V-23.1.0-23.1.1 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-45143 P-10899V-8.6.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938440.1 P-10899V-8.6.0.0 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Tomcat)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-45143 P-11052V-9.0.0 P-11052V-9.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Communications Element Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938441.1 P-11052V-9.0.0 P-11052V-9.0.1 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Tomcat)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-45143 P-10770V-9.0.0 P-10770V-9.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Communications Session Report Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938447.1 P-10770V-9.0.0 P-10770V-9.0.1 Security-in-Depth issue in the Oracle Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-45143 P-5(Oracle Database)V-19c P-5(Oracle Database)V-21c 0.0 Oracle Database (Apache Tomcat) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-5(Oracle Database)V-19c P-5(Oracle Database)V-21c Security-in-Depth issue in Oracle Graph Server and Client (component: Packaging (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-45143 P-14069V-Prior to 23.2.0 0.0 Oracle Graph Server and Client Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-14069V-Prior to 23.2.0 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-45143 P-8480V-8.0.33 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MySQL Enterprise Monitor Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8480V-8.0.33 and prior Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (Apache Tomcat)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SD-WAN Edge accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-45143 P-13940V-9.1.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle SD-WAN Edge Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938444.1 P-13940V-9.1.1.4.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (Jettison)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-45685 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939793.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Jettison)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-45685 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (Jettison)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-45693 P-1980V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Identity Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-1980V-12.2.1.4.0 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache CXF)). Supported versions that are affected are 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-46364 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Banking Digital Experience Oracle customers with valid support contracts https://support.oracle.com P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (Apache CXF)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-46364 P-10899V-8.6.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938440.1 P-10899V-8.6.0.0 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: SOAP (Apache CXF)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-46364 P-11052V-9.0.0 P-11052V-9.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Element Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938441.1 P-11052V-9.0.0 P-11052V-9.0.1 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: SOAP (Apache CXF)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-46364 P-10770V-9.0.0 P-10770V-9.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Session Report Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938447.1 P-10770V-9.0.0 P-10770V-9.0.1 Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Apache CXF)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-46364 P-4379V-21.4 0.0 Oracle Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-4379V-21.4 Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (SQLite)). Supported versions that are affected are 6.0.1.0.0 and 12.0.1.0.0-12.0.6.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Convergent Charging Controller executes to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Convergent Charging Controller accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Convergent Charging Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2022-46908 P-12985V-6.0.1.0.0 P-12985V-12.0.1.0.0-12.0.6.0.0 7.3 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L Oracle Communications Convergent Charging Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936023.1 P-12985V-6.0.1.0.0 P-12985V-12.0.1.0.0-12.0.6.0.0 Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (SQLite)). Supported versions that are affected are 6.0.1.0.0 and 12.0.1.0.0-12.0.6.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Network Charging and Control executes to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Network Charging and Control accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Network Charging and Control accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2022-46908 P-4623V-6.0.1.0.0 P-4623V-12.0.1.0.0-12.0.6.0.0 7.3 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L Oracle Communications Network Charging and Control Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936023.1 P-4623V-6.0.1.0.0 P-4623V-12.0.1.0.0-12.0.6.0.0 Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Application (SQLite)). The supported version that is affected is 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Compliance Studio executes to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Compliance Studio accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Compliance Studio accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Compliance Studio. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2022-46908 P-14392V-8.1.2.4 7.3 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L Oracle Financial Services Compliance Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936394.1 P-14392V-8.1.2.4 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (SQLite)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Healthcare Translational Research executes to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Healthcare Translational Research accessible data as well as unauthorized access to critical data or complete access to all Oracle Healthcare Translational Research accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2022-46908 P-9427V-4.1.0 P-9427V-4.1.1 7.3 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L Oracle Healthcare Translational Research Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939153.1 P-9427V-4.1.0 P-9427V-4.1.1 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Third Party (SQLite)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2022-46908 P-2276V-8.5.6 7.3 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L Oracle Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-2276V-8.5.6 Vulnerability in the Oracle Communications Cloud Native Configuration Console product of Oracle Communications (component: Configuration (libksba)). The supported version that is affected is 22.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Configuration Console. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Configuration Console. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-47629 P-14250V-22.4.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Configuration Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938418.1 P-14250V-22.4.1 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (libksba)). The supported version that is affected is 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-47629 P-14122V-22.4.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Network Exposure Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938420.1 P-14122V-22.4.2 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (libksba)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-47629 P-14277V-22.4.0-22.4.4 P-14277V-23.1.0-23.1.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938436.1 P-14277V-22.4.0-22.4.4 P-14277V-23.1.0-23.1.1 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (libksba)). The supported version that is affected is 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-47629 P-14123V-22.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Security Edge Protection Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938437.1 P-14123V-22.4.0 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (libksba)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-47629 P-14119V-22.4.1 P-14119V-23.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Unified Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938438.1 P-14119V-22.4.1 P-14119V-23.1.0 Vulnerability in Oracle Essbase (component: Build (OpenSSL)). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Essbase. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-0215 P-4379V-21.4 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-4379V-21.4 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-0215 P-8576(Connector/C++)V-8.0.32 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Connectors Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8576(Connector/C++)V-8.0.32 and prior Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-0215 P-8576(Connector/ODBC)V-8.0.32 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Connectors Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8576(Connector/ODBC)V-8.0.32 and prior Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-0215 P-8480V-8.0.33 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Enterprise Monitor Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8480V-8.0.33 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-0215 P-8478V-5.7.41 and prior P-8478V-8.0.32 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-5.7.41 and prior P-8478V-8.0.32 and prior Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (OpenSSL)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-0215 P-4627V-8.0.32 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Workbench Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-4627V-8.0.32 and prior Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installer (GnuTLS)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-0361 P-14118V-23.1.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Communications Cloud Native Core Network Repository Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938435.1 P-14118V-23.1.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (PHP)). Supported versions that are affected are 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-0662 P-14597V-6.0.0-6.0.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936013.1 P-14597V-6.0.0-6.0.2 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (json-smart)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-1370 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936013.1 P-14597V-5.5.0-5.5.10 P-14597V-6.0.0-6.0.2 Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21896 P-10006V-10 P-10006V-11 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Solaris Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940069.1 P-10006V-10 P-10006V-11 Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application). The supported version that is affected is 8.0.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Behavior Detection Platform accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2023-21902 P-9190V-8.0.8.1 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Oracle Financial Services Behavior Detection Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936356.1 P-9190V-8.0.8.1 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Internal Tfr Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L). Security patch has been released CVE-2023-21903 P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 5.3 AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L Oracle Banking Virtual Account Management Oracle customers with valid support contracts https://support.oracle.com P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L). Security patch has been released CVE-2023-21904 P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 5.3 AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L Oracle Banking Virtual Account Management Oracle customers with valid support contracts https://support.oracle.com P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Routing Hub). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). Security patch has been released CVE-2023-21905 P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 6.1 AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N Oracle Banking Virtual Account Management Oracle customers with valid support contracts https://support.oracle.com P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: SMS Module). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). Security patch has been released CVE-2023-21906 P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 6.1 AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N Oracle Banking Virtual Account Management Oracle customers with valid support contracts https://support.oracle.com P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H). Security patch has been released CVE-2023-21907 P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 6.0 AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H Oracle Banking Virtual Account Management Oracle customers with valid support contracts https://support.oracle.com P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H). Security patch has been released CVE-2023-21908 P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 6.0 AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H Oracle Banking Virtual Account Management Oracle customers with valid support contracts https://support.oracle.com P-13487V-14.5 P-13487V-14.6 P-13487V-14.7 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: UI Framework). Supported versions that are affected are 23.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel CRM accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21909 P-9011V-23.3 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Siebel CRM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939854.1 P-9011V-23.3 and prior Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21910 P-2025V-6.4.0.0.0 P-2025V-12.2.1.4.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 P-2025V-12.2.1.4.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21911 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21912 P-8478V-5.7.41 and prior P-8478V-8.0.30 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-5.7.41 and prior P-8478V-8.0.30 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21913 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.31 and prior Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Book/Internal Transfer). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). Security patch has been released CVE-2023-21915 P-13011V-14.5 P-13011V-14.6 P-13011V-14.7 4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Oracle Banking Payments Oracle customers with valid support contracts https://support.oracle.com P-13011V-14.5 P-13011V-14.6 P-13011V-14.7 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Web Server). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2023-21916 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939793.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21917 P-8478V-8.0.30 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.30 and prior Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. While the vulnerability is in Oracle Database Recovery Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). Security patch has been released CVE-2023-21918 P-5(Oracle Database Recovery Manager)V-19c P-5(Oracle Database Recovery Manager)V-21c 6.8 AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Oracle Database Recovery Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-5(Oracle Database Recovery Manager)V-19c P-5(Oracle Database Recovery Manager)V-21c Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21919 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21920 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2023-21921 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Oracle Health Sciences InForm Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938697.1 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). Security patch has been released CVE-2023-21922 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 6.8 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Oracle Health Sciences InForm Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938697.1 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2023-21923 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 8.3 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L Oracle Health Sciences InForm Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938697.1 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Health Sciences InForm, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). Security patch has been released CVE-2023-21924 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 5.9 AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L Oracle Health Sciences InForm Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938697.1 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2023-21925 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Oracle Health Sciences InForm Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938697.1 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Health Sciences InForm executes to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21926 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Oracle Health Sciences InForm Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938697.1 P-9636V-Prior to 6.3.1.3 P-9636V-Prior to 7.0.0.1 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2023-21927 P-4781V-Prior to 9.2.7.3 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4781V-Prior to 9.2.7.3 Vulnerability in the Oracle Solaris product of Oracle Systems (component: IPS repository daemon). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N). Security patch has been released CVE-2023-21928 P-10006V-11 1.8 AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N Oracle Solaris Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940069.1 P-10006V-11 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2023-21929 P-8478V-8.0.32 and prior 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2023-21930 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Oracle Java SE, Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2935948.1 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21931 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L). Security patch has been released CVE-2023-21932 P-11580V-5.6 7.2 AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L Oracle Hospitality OPERA 5 Property Services Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2935379.1 P-11580V-5.6 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21933 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2023-21934 P-5(Java VM)V-19c P-5(Java VM)V-21c 6.8 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Java VM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-5(Java VM)V-19c P-5(Java VM)V-21c Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21935 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-21936 P-4781V-Prior to 9.2.7.3 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939855.1 P-4781V-Prior to 9.2.7.3 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2023-21937 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Oracle Java SE, Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2935948.1 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2023-21938 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.8 P-13497V-Oracle GraalVM Enterprise Edition:21.3.4 P-13497V-Oracle GraalVM Enterprise Edition:22.3.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Oracle Java SE, Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2935948.1 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.8 P-13497V-Oracle GraalVM Enterprise Edition:21.3.4 P-13497V-Oracle GraalVM Enterprise Edition:22.3.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2023-21939 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Oracle Java SE, Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2935948.1 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21940 P-8478V-8.0.32 and prior 4.4 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2023-21941 P-1479V-6.4.0.0.0 P-1479V-12.2.1.4.0 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Oracle BI Publisher Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-1479V-6.4.0.0.0 P-1479V-12.2.1.4.0 Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21942 P-4379V-21.4 5.3 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Oracle Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-4379V-21.4 Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21943 P-4379V-21.4 5.3 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Oracle Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-4379V-21.4 Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21944 P-4379V-21.4 5.3 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Oracle Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-4379V-21.4 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21945 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21946 P-8478V-8.0.32 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21947 P-8478V-8.0.32 and prior 4.4 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the Oracle Solaris product of Oracle Systems (component: Core). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21948 P-10006V-10 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Solaris Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940069.1 P-10006V-10 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21952 P-2025V-6.4.0.0.0 5.7 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21953 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21954 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Java SE, Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2935948.1 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21955 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-21956 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iReceivables. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iReceivables accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2023-21959 P-1106V-12.2.3-12.2.12 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Oracle iReceivables Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-1106V-12.2.3-12.2.12 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2023-21960 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 5.6 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21962 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2023-21963 P-8478V-5.7.40 and prior P-8478V-8.0.31 and prior 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-5.7.40 and prior P-8478V-8.0.31 and prior Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21964 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21965 P-2025V-6.4.0.0.0 5.7 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-2025V-6.4.0.0.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21966 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21967 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Java SE, Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2935948.1 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2023-21968 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Oracle Java SE, Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2935948.1 P-856V-Oracle Java SE:8u361 P-856V-Oracle Java SE:8u361-perf P-856V-Oracle Java SE:11.0.18 P-856V-Oracle Java SE:17.0.6 P-856V-Oracle Java SE:20 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 Vulnerability in Oracle SQL Developer (component: Installation). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer. Successful attacks of this vulnerability can result in takeover of Oracle SQL Developer. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21969 P-1875V-Prior to 23.1.0 6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Oracle SQL Developer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-1875V-Prior to 23.1.0 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21970 P-1479V-6.4.0.0.0 5.7 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Oracle BI Publisher Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936091.2 P-1479V-6.4.0.0.0 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H). Security patch has been released CVE-2023-21971 P-8576V-8.0.32 and prior 5.3 AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H MySQL Connectors Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8576V-8.0.32 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21972 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the Oracle iProcurement product of Oracle E-Business Suite (component: E-Content Manager Catalog). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iProcurement. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iProcurement, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iProcurement accessible data as well as unauthorized read access to a subset of Oracle iProcurement accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-21973 P-398V-12.2.3-12.2.12 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Oracle iProcurement Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-398V-12.2.3-12.2.12 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21976 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21977 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: GUI). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). Security patch has been released CVE-2023-21978 P-510V-12.2.3-12.2.11 6.5 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Oracle Application Object Library Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-510V-12.2.3-12.2.11 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21979 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21980 P-8478V-5.7.41 and prior P-8478V-8.0.32 and prior 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-5.7.41 and prior P-8478V-8.0.32 and prior Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21981 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939793.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21982 P-8478V-8.0.32 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2937307.1 P-8478V-8.0.32 and prior Vulnerability in the Oracle Solaris product of Oracle Systems (component: Libraries). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21984 P-10006V-11 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Solaris Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940069.1 P-10006V-11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H). Security patch has been released CVE-2023-21985 P-10006V-10 P-10006V-11 7.7 AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H Oracle Solaris Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940069.1 P-10006V-10 P-10006V-11 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 5.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L). Security patch has been released CVE-2023-21986 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 5.7 AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2935948.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2023-21987 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940494.1 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). Security patch has been released CVE-2023-21988 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940494.1 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2023-21989 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940494.1 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2023-21990 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940494.1 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). Security patch has been released CVE-2023-21991 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 3.2 AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940494.1 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Administer Workforce). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2023-21992 P-5071V-9.2 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N PeopleSoft Enterprise HCM Human Resources Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939793.1 P-5071V-9.2 Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications (component: Forms). The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical Remote Data Capture. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Clinical Remote Data Capture accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21993 P-1041V-5.4.0.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Oracle Clinical Remote Data Capture Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938697.1 P-1041V-5.4.0.2 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21996 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2023-21997 P-1475V-12.2.3-12.2.12 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Oracle User Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-1475V-12.2.3-12.2.12 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-21998 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 4.6 AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940494.1 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2023-21999 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 3.6 AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940494.1 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-22000 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 4.6 AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940494.1 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-22001 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 4.6 AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940494.1 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2023-22002 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940494.1 P-8370V-Prior to 6.1.44 P-8370V-Prior to 7.0.8 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Security patch has been released CVE-2023-22003 P-10006V-10 P-10006V-11 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Oracle Solaris Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2940069.1 P-10006V-10 P-10006V-11 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Third Party (Zip4j)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2023-22899 P-5565V-12.2.1.4.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Access Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5565V-12.2.1.4.0 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (cURL)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Healthcare Translational Research accessible data as well as unauthorized access to critical data or complete access to all Oracle Healthcare Translational Research accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2023-23914 P-9427V-4.1.0 P-9427V-4.1.1 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Oracle Healthcare Translational Research Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939153.1 P-9427V-4.1.0 P-9427V-4.1.1 Vulnerability in the Oracle Communications Cloud Native Configuration Console product of Oracle Communications (component: Configuration (cURL)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Configuration Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Configuration Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-23916 P-14250V-22.4.1 P-14250V-23.1.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Configuration Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938418.1 P-14250V-22.4.1 P-14250V-23.1.0 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (cURL)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-23916 P-14122V-22.4.2 P-14122V-23.1.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Exposure Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938420.1 P-14122V-22.4.2 P-14122V-23.1.0 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (cURL)). Supported versions that are affected are 23.1.0 and 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-23916 P-14123V-23.1.0 P-14123V-22.4.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Security Edge Protection Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938437.1 P-14123V-23.1.0 P-14123V-22.4.2 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (cURL)). The supported version that is affected is 22.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-23916 P-14119V-22.4.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Unified Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938438.1 P-14119V-22.4.1 Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (cURL)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2023-23916 P-4379V-21.4 0.0 Oracle Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-4379V-21.4 Security-in-Depth issue in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Node (Node.js)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2023-23918 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 0.0 Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2935948.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.9 P-13497V-Oracle GraalVM Enterprise Edition:21.3.5 P-13497V-Oracle GraalVM Enterprise Edition:22.3.1 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Cryptography)). The supported version that is affected is 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Exposure Function accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). Security patch has been released CVE-2023-23931 P-14122V-22.4.2 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Oracle Communications Cloud Native Core Network Exposure Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938420.1 P-14122V-22.4.2 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installation and Configuration (Cryptography)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). Security patch has been released CVE-2023-23931 P-14123V-22.4.0 P-14123V-23.1.0 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Oracle Communications Cloud Native Core Security Edge Protection Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938437.1 P-14123V-22.4.0 P-14123V-23.1.0 Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Apache Commons FileUpload)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-13676V-18.2 P-13676V-18.3 P-13676V-19.1 P-13676V-19.2 P-13676V-21.1 P-13676V-22.1 P-13676V-22.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking APIs Oracle customers with valid support contracts https://support.oracle.com P-13676V-18.2 P-13676V-18.3 P-13676V-19.1 P-13676V-19.2 P-13676V-21.1 P-13676V-22.1 P-13676V-22.2 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Commons FileUpload)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Digital Experience Oracle customers with valid support contracts https://support.oracle.com P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-21.1 P-12605V-22.1 P-12605V-22.2 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Apache Commons FileUpload)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-14122V-22.4.2 P-14122V-23.1.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Exposure Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938420.1 P-14122V-22.4.2 P-14122V-23.1.0 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Apache Commons FileUpload)). Supported versions that are affected are 23.1.0 and 22.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-14123V-23.1.0 P-14123V-22.4.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Security Edge Protection Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938437.1 P-14123V-23.1.0 P-14123V-22.4.1 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Commons FileUpload)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-11052V-9.0.0 P-11052V-9.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Element Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938441.1 P-11052V-9.0.0 P-11052V-9.0.1 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Commons FileUpload)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-10770V-9.0.0 P-10770V-9.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Session Report Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938447.1 P-10770V-9.0.0 P-10770V-9.0.1 Vulnerability in the Oracle Database Workload Manager (Apache Commons FileUpload) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Database Workload Manager (Apache Commons FileUpload). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Workload Manager (Apache Commons FileUpload). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-5(Oracle Database Workload Manager)V-21c 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Database Workload Manager (Apache Commons FileUpload) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-5(Oracle Database Workload Manager)V-21c Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (Apache Commons FileUpload)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-5477V-12.6.0.0.0 P-5477V-12.6.2.0.0-12.6.4.0.0 P-5477V-12.7.0.0.0 P-5477V-12.7.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Documaker Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939209.1 P-5477V-12.6.0.0.0 P-5477V-12.6.2.0.0-12.6.4.0.0 P-5477V-12.7.0.0.0 P-5477V-12.7.1.0.0 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-4647V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-4647V-12.2.1.4.0 Vulnerability in Oracle REST Data Services (component: Oracle REST Data Services (Apache Commons FileUpload)). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle REST Data Services. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-9456V-Prior to 23.1.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle REST Data Services Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-9456V-Prior to 23.1.0 Vulnerability in the Spatial and Graph (Apache Commons Fileupload) component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Spatial and Graph (Apache Commons Fileupload). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Spatial and Graph (Apache Commons Fileupload). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-619V-19c P-619V-21c 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Spatial and Graph (Apache Commons Fileupload) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-619V-19c P-619V-21c Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-5242(Console)V-12.2.1.3.0 P-5242(Console)V-12.2.1.4.0 P-5242(Console)V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242(Console)V-12.2.1.3.0 P-5242(Console)V-12.2.1.4.0 P-5242(Console)V-14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-24998 P-5242(Third Party)V-12.2.1.3.0 P-5242(Third Party)V-12.2.1.4.0 P-5242(Third Party)V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936090.2 P-5242(Third Party)V-12.2.1.3.0 P-5242(Third Party)V-12.2.1.4.0 P-5242(Third Party)V-14.1.1.0.0 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (OpenSSH)). Supported versions that are affected are 4.1.0 and 4.1.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research as well as unauthorized update, insert or delete access to some of Oracle Healthcare Translational Research accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2023-25136 P-9427V-4.1.0 P-9427V-4.1.1 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H Oracle Healthcare Translational Research Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939153.1 P-9427V-4.1.0 P-9427V-4.1.1 Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Apache Kafka)). Supported versions that are affected are 22.1 and 22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in takeover of Oracle Banking APIs. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-25194 P-13676V-22.1 P-13676V-22.2 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Banking APIs Oracle customers with valid support contracts https://support.oracle.com P-13676V-22.1 P-13676V-22.2 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Kafka)). Supported versions that are affected are 22.1 and 22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-25194 P-12605V-22.1 P-12605V-22.2 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Banking Digital Experience Oracle customers with valid support contracts https://support.oracle.com P-12605V-22.1 P-12605V-22.2 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Apache Kafka)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-25194 P-5680V-8.0.7.0 P-5680V-8.0.8.0 P-5680V-8.0.9.0 P-5680V-8.1.0.0 P-5680V-8.1.1.0 P-5680V-8.1.2.0 P-5680V-8.1.2.1 P-5680V-8.1.2.2 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Financial Services Analytical Applications Infrastructure Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2939767.1 P-5680V-8.0.7.0 P-5680V-8.0.8.0 P-5680V-8.0.9.0 P-5680V-8.1.0.0 P-5680V-8.1.1.0 P-5680V-8.1.2.0 P-5680V-8.1.2.1 P-5680V-8.1.2.2 Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application (Apache Kafka)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-25194 P-9190V-8.0.8.1 P-9190V-8.1.1.1 P-9190V-8.1.2.3 P-9190V-8.1.2.4 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Financial Services Behavior Detection Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936356.1 P-9190V-8.0.8.1 P-9190V-8.1.1.1 P-9190V-8.1.2.3 P-9190V-8.1.2.4 Vulnerability in the Oracle Financial Services Regulatory Reporting product of Oracle Financial Services Applications (component: Application (Apache Kafka)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Regulatory Reporting. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-25194 P-9142V-8.0.8.1 P-9142V-8.1.1.1 P-9142V-8.1.2.3 P-9142V-8.1.2.4 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Financial Services Regulatory Reporting Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936339.1 P-9142V-8.0.8.1 P-9142V-8.1.1.1 P-9142V-8.1.2.3 P-9142V-8.1.2.4 Security-in-Depth issue in Oracle SQL Developer (component: Installation (Apache Kafka)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2023-25194 P-1875V-Prior to 23.1.0 0.0 Oracle SQL Developer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2923348.1 P-1875V-Prior to 23.1.0 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Werkzeug)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-25577 P-14277V-22.4.0-22.4.4 P-14277V-23.1.0-23.1.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938436.1 P-14277V-22.4.0-22.4.4 P-14277V-23.1.0-23.1.1 Vulnerability in the Oracle Communications Cloud Native Configuration Console product of Oracle Communications (component: Configuration (Apache Kerby)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Configuration Console. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Configuration Console. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-25613 P-14250V-22.4.1 P-14250V-23.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Configuration Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938418.1 P-14250V-22.4.1 P-14250V-23.1.0 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: FEServer (Apache HTTP Server)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-25690 P-11052V-9.0.0 P-11052V-9.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Element Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938441.1 P-11052V-9.0.0 P-11052V-9.0.1 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: FEServer (Apache HTTP Server)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-25690 P-10770V-9.0.0 P-10770V-9.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Session Report Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938447.1 P-10770V-9.0.0 P-10770V-9.0.1 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (Apache Tomcat)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). Security patch has been released CVE-2023-28708 P-10900V-12.6.0.0.0 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Oracle Communications Policy Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2938443.1 P-10900V-12.6.0.0.0 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (Apache Tomcat)). The supported version that is affected is 8.0.8.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Management Studio accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). Security patch has been released CVE-2023-28708 P-13595V-8.0.8.3.5 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Oracle Financial Services Crime and Compliance Management Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2936386.1 P-13595V-8.0.8.3.5