{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "publisher": { "category": "vendor", "name": "Oracle", "namespace": "https://www.oracle.com" }, "references": [ { "summary": "URL to html version of Advisory", "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "category": "self", "summary": "URL to CSAF version of Advisory", "url": "https://www.oracle.com/docs/tech/security-alerts/cpuapr2024csaf.json" } ], "title": "Oracle Critical Patch Update Advisory - April 2024 - Oracle CSAF", "tracking": { "current_release_date": "2024-09-18T13:00:00-07:00", "id": "CPUApr2024csaf", "initial_release_date": "2024-04-16T13:00:00-07:00", "revision_history": [ { "date": "2024-04-16T13:00:00-07:00", "number": "1", "summary": "Initial Release" }, { "date": "2024-09-18T13:00:00-07:00", "number": "2", "summary": "Rev 2. Update affected versions for Oracle Communication Cloud Native Core Binding Support Function and Siebel Apps Products with Credit order and EBS product name update" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle BI Publisher Version 12.2.1.4.0", "product": { "name": "Oracle BI Publisher Version 12.2.1.4.0", "product_id": "P-1479V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle BI Publisher Version 7.0.0.0.0", "product": { "name": "Oracle BI Publisher Version 7.0.0.0.0", "product_id": "P-1479V-7.0.0.0.0" } } ], "category": "product_name", "name": "Oracle BI Publisher" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 12.2.1.4.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 12.2.1.4.0", "product_id": "P-2025V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 7.0.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 7.0.0.0.0", "product_id": "P-2025V-7.0.0.0.0" } } ], "category": "product_name", "name": "Oracle Business Intelligence Enterprise Edition" } ], "category": "product_family", "name": "Oracle Analytics" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Autonomous Health Framework Version Prior to 23.11.1", "product": { "name": "Autonomous Health Framework Version Prior to 23.11.1", "product_id": "P-14634V-Prior to 23.11.1" } }, { "category": "product_version_range", "name": "Autonomous Health Framework Version Prior to 24.1", "product": { "name": "Autonomous Health Framework Version Prior to 24.1", "product_id": "P-14634V-Prior to 24.1" } }, { "category": "product_version_range", "name": "Autonomous Health Framework Version Prior to 24.2", "product": { "name": "Autonomous Health Framework Version Prior to 24.2", "product_id": "P-14634V-Prior to 24.2" } } ], "category": "product_name", "name": "Autonomous Health Framework" } ], "category": "product_family", "name": "Oracle Autonomous Health Framework" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Big Data Spatial and Graph Version 3.0.5", "product": { "name": "Oracle Big Data Spatial and Graph Version 3.0.5", "product_id": "P-11528V-3.0.5" } } ], "category": "product_name", "name": "Oracle Big Data Spatial and Graph" } ], "category": "product_family", "name": "Oracle Big Data Spatial and Graph" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Commerce Guided Search Version 11.3.2", "product": { "name": "Oracle Commerce Guided Search Version 11.3.2", "product_id": "P-9633V-11.3.2" } } ], "category": "product_name", "name": "Oracle Commerce Guided Search" }, { "branches": [ { "category": "product_version", "name": "Oracle Commerce Platform Version 11.3.0", "product": { "name": "Oracle Commerce Platform Version 11.3.0", "product_id": "P-9348V-11.3.0" } }, { "category": "product_version", "name": "Oracle Commerce Platform Version 11.3.1", "product": { "name": "Oracle Commerce Platform Version 11.3.1", "product_id": "P-9348V-11.3.1" } }, { "category": "product_version", "name": "Oracle Commerce Platform Version 11.3.2", "product": { "name": "Oracle Commerce Platform Version 11.3.2", "product_id": "P-9348V-11.3.2" } } ], "category": "product_name", "name": "Oracle Commerce Platform" } ], "category": "product_family", "name": "Oracle Commerce" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Management Cloud Engine Version 24.1.0.0.0", "product": { "name": "Management Cloud Engine Version 24.1.0.0.0", "product_id": "P-14252V-24.1.0.0.0" } } ], "category": "product_name", "name": "Management Cloud Engine" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Binding Support Function(Install/Upgrade) Version 23.4.0-23.4.1", "product": { "name": "Oracle Communications Cloud Native Core Binding Support Function(Install/Upgrade) Version 23.4.0-23.4.1", "product_id": "P-14121(Install/Upgrade)V-23.4.0-23.4.1" } }, { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.4.0-23.4.1", "product": { "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.4.0-23.4.1", "product_id": "P-14121V-23.4.0-23.4.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Binding Support Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Console Version 23.4.0", "product": { "name": "Oracle Communications Cloud Native Core Console Version 23.4.0", "product_id": "P-14250V-23.4.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Console" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Data Analytics Function Version 24.1.0", "product": { "name": "Oracle Communications Cloud Native Core Network Data Analytics Function Version 24.1.0", "product_id": "P-14489V-24.1.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Data Analytics Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 23.4.1", "product": { "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 23.4.1", "product_id": "P-14122V-23.4.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Exposure Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.2.0", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.2.0", "product_id": "P-14125V-23.2.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment(Install/Upgrade) Version 23.3.1", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment(Install/Upgrade) Version 23.3.1", "product_id": "P-14125(Install/Upgrade)V-23.3.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.3.1", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.3.1", "product_id": "P-14125V-23.3.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment(Install/Upgrade) Version 23.4.0", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment(Install/Upgrade) Version 23.4.0", "product_id": "P-14125(Install/Upgrade)V-23.4.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment(Installation) Version 23.4.0", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment(Installation) Version 23.4.0", "product_id": "P-14125(Installation)V-23.4.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment(Obserability Services Overlay) Version 23.4.0", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment(Obserability Services Overlay) Version 23.4.0", "product_id": "P-14125(Obserability Services Overlay)V-23.4.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment(Observability Services Overlay) Version 23.4.0", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment(Observability Services Overlay) Version 23.4.0", "product_id": "P-14125(Observability Services Overlay)V-23.4.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.4.0", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.4.0", "product_id": "P-14125V-23.4.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function(Install/Upgrade) Version 23.4.1", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function(Install/Upgrade) Version 23.4.1", "product_id": "P-14118(Install/Upgrade)V-23.4.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.4.1", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.4.1", "product_id": "P-14118V-23.4.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Repository Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 23.2.0", "product": { "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 23.2.0", "product_id": "P-14130V-23.2.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 23.3.0", "product": { "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 23.3.0", "product_id": "P-14130V-23.3.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Slice Selection Function" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Policy(Install/Upgrade) Version 23.4.0-23.4.2", "product": { "name": "Oracle Communications Cloud Native Core Policy(Install/Upgrade) Version 23.4.0-23.4.2", "product_id": "P-14277(Install/Upgrade)V-23.4.0-23.4.2" } }, { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Policy Version 23.4.0-23.4.2", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 23.4.0-23.4.2", "product_id": "P-14277V-23.4.0-23.4.2" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Policy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy(Automated Test Suite) Version 23.3.0", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy(Automated Test Suite) Version 23.3.0", "product_id": "P-14123(Automated Test Suite)V-23.3.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.3.0", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.3.0", "product_id": "P-14123V-23.3.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.4.0", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.4.0", "product_id": "P-14123V-23.4.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 23.1.0", "product_id": "P-14117V-23.1.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 23.2.2", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 23.2.2", "product_id": "P-14117V-23.2.2" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 23.3.0", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 23.3.0", "product_id": "P-14117V-23.3.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 23.4.0", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 23.4.0", "product_id": "P-14117V-23.4.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Service Communication Proxy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 22.4.0", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 22.4.0", "product_id": "P-14119V-22.4.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.1.0", "product_id": "P-14119V-23.1.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.2.0", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.2.0", "product_id": "P-14119V-23.2.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.3.2", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.3.2", "product_id": "P-14119V-23.3.2" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Unified Data Repository" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Diameter Signaling Router(Patches) Version 9.0.0.0", "product": { "name": "Oracle Communications Diameter Signaling Router(Patches) Version 9.0.0.0", "product_id": "P-10899(Patches)V-9.0.0.0" } }, { "category": "product_version", "name": "Oracle Communications Diameter Signaling Router(Platform) Version 9.0.0.0", "product": { "name": "Oracle Communications Diameter Signaling Router(Platform) Version 9.0.0.0", "product_id": "P-10899(Platform)V-9.0.0.0" } }, { "category": "product_version", "name": "Oracle Communications Diameter Signaling Router Version 9.0.0.0", "product": { "name": "Oracle Communications Diameter Signaling Router Version 9.0.0.0", "product_id": "P-10899V-9.0.0.0" } } ], "category": "product_name", "name": "Oracle Communications Diameter Signaling Router" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Element Manager Version 9.0.0-9.0.2", "product": { "name": "Oracle Communications Element Manager Version 9.0.0-9.0.2", "product_id": "P-11052V-9.0.0-9.0.2" } } ], "category": "product_name", "name": "Oracle Communications Element Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Fraud Monitor Version 5.0", "product": { "name": "Oracle Communications Fraud Monitor Version 5.0", "product_id": "P-10763V-5.0" } }, { "category": "product_version", "name": "Oracle Communications Fraud Monitor Version 5.1", "product": { "name": "Oracle Communications Fraud Monitor Version 5.1", "product_id": "P-10763V-5.1" } }, { "category": "product_version", "name": "Oracle Communications Fraud Monitor Version 5.2", "product": { "name": "Oracle Communications Fraud Monitor Version 5.2", "product_id": "P-10763V-5.2" } } ], "category": "product_name", "name": "Oracle Communications Fraud Monitor" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Operations Monitor Version 5.0", "product": { "name": "Oracle Communications Operations Monitor Version 5.0", "product_id": "P-10761V-5.0" } }, { "category": "product_version", "name": "Oracle Communications Operations Monitor Version 5.1", "product": { "name": "Oracle Communications Operations Monitor Version 5.1", "product_id": "P-10761V-5.1" } }, { "category": "product_version", "name": "Oracle Communications Operations Monitor Version 5.2", "product": { "name": "Oracle Communications Operations Monitor Version 5.2", "product_id": "P-10761V-5.2" } } ], "category": "product_name", "name": "Oracle Communications Operations Monitor" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Session Report Manager Version 9.0.0-9.0.2", "product": { "name": "Oracle Communications Session Report Manager Version 9.0.0-9.0.2", "product_id": "P-10770V-9.0.0-9.0.2" } } ], "category": "product_name", "name": "Oracle Communications Session Report Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications User Data Repository Version 14.0.0.0.0", "product": { "name": "Oracle Communications User Data Repository Version 14.0.0.0.0", "product_id": "P-11108V-14.0.0.0.0" } } ], "category": "product_name", "name": "Oracle Communications User Data Repository" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications WebRTC Session Controller Version 7.2.0.0.0-7.2.1.0.0", "product": { "name": "Oracle Communications WebRTC Session Controller Version 7.2.0.0.0-7.2.1.0.0", "product_id": "P-10811V-7.2.0.0.0-7.2.1.0.0" } } ], "category": "product_name", "name": "Oracle Communications WebRTC Session Controller" }, { "branches": [ { "category": "product_version", "name": "Oracle SD-WAN Edge Version 9.1.1.7.0", "product": { "name": "Oracle SD-WAN Edge Version 9.1.1.7.0", "product_id": "P-13940V-9.1.1.7.0" } } ], "category": "product_name", "name": "Oracle SD-WAN Edge" } ], "category": "product_family", "name": "Oracle Communications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4-12.0.0.8", "product": { "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4-12.0.0.8", "product_id": "P-9742V-12.0.0.4-12.0.0.8" } }, { "category": "product_version", "name": "Oracle Communications BRM - Elastic Charging Engine Version 15.0.0.0", "product": { "name": "Oracle Communications BRM - Elastic Charging Engine Version 15.0.0.0", "product_id": "P-9742V-15.0.0.0" } } ], "category": "product_name", "name": "Oracle Communications BRM - Elastic Charging Engine" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Billing and Revenue Management Version 12.0.0.4-12.0.0.8", "product": { "name": "Oracle Communications Billing and Revenue Management Version 12.0.0.4-12.0.0.8", "product_id": "P-2136V-12.0.0.4-12.0.0.8" } }, { "category": "product_version", "name": "Oracle Communications Billing and Revenue Management Version 15.0.0.0", "product": { "name": "Oracle Communications Billing and Revenue Management Version 15.0.0.0", "product_id": "P-2136V-15.0.0.0" } } ], "category": "product_name", "name": "Oracle Communications Billing and Revenue Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Network Integrity Version 7.3.6.4", "product": { "name": "Oracle Communications Network Integrity Version 7.3.6.4", "product_id": "P-4491V-7.3.6.4" } } ], "category": "product_name", "name": "Oracle Communications Network Integrity" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Offline Mediation Controller Version 12.0.0.1-12.0.0.8", "product": { "name": "Oracle Communications Offline Mediation Controller Version 12.0.0.1-12.0.0.8", "product_id": "P-2269V-12.0.0.1-12.0.0.8" } } ], "category": "product_name", "name": "Oracle Communications Offline Mediation Controller" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Service Catalog and Design Version 8.0.0.1.0", "product": { "name": "Oracle Communications Service Catalog and Design Version 8.0.0.1.0", "product_id": "P-2283V-8.0.0.1.0" } } ], "category": "product_name", "name": "Oracle Communications Service Catalog and Design" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Unified Inventory Management Version 7.4.0-7.4.2", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.0-7.4.2", "product_id": "P-4516V-7.4.0-7.4.2" } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.4.1", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.1", "product_id": "P-4516V-7.4.1" } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.4.2", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.2", "product_id": "P-4516V-7.4.2" } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.5.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.5.0", "product_id": "P-4516V-7.5.0" } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.5.1", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.5.1", "product_id": "P-4516V-7.5.1" } } ], "category": "product_name", "name": "Oracle Communications Unified Inventory Management" } ], "category": "product_family", "name": "Oracle Communications Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Primavera Gateway Version 19.12.0-19.12.18", "product": { "name": "Primavera Gateway Version 19.12.0-19.12.18", "product_id": "P-10605V-19.12.0-19.12.18" } }, { "category": "product_version_range", "name": "Primavera Gateway Version 20.12.0-20.12.13", "product": { "name": "Primavera Gateway Version 20.12.0-20.12.13", "product_id": "P-10605V-20.12.0-20.12.13" } }, { "category": "product_version_range", "name": "Primavera Gateway Version 21.12.0-21.12.11", "product": { "name": "Primavera Gateway Version 21.12.0-21.12.11", "product_id": "P-10605V-21.12.0-21.12.11" } } ], "category": "product_name", "name": "Primavera Gateway" }, { "branches": [ { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 19.12.0-19.12.22", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 19.12.0-19.12.22", "product_id": "P-5579V-19.12.0-19.12.22" } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 20.12.0-20.12.21", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 20.12.0-20.12.21", "product_id": "P-5579V-20.12.0-20.12.21" } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 21.12.0-21.12.18", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 21.12.0-21.12.18", "product_id": "P-5579V-21.12.0-21.12.18" } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.0-22.12.12", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.0-22.12.12", "product_id": "P-5579V-22.12.0-22.12.12" } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 23.12.0-23.12.2", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 23.12.0-23.12.2", "product_id": "P-5579V-23.12.0-23.12.2" } } ], "category": "product_name", "name": "Primavera P6 Enterprise Project Portfolio Management" }, { "branches": [ { "category": "product_version_range", "name": "Primavera Unifier Version 19.12.0-19.12.16", "product": { "name": "Primavera Unifier Version 19.12.0-19.12.16", "product_id": "P-10354V-19.12.0-19.12.16" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 20.12.0-20.12.16", "product": { "name": "Primavera Unifier Version 20.12.0-20.12.16", "product_id": "P-10354V-20.12.0-20.12.16" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 21.12.0-21.12.17", "product": { "name": "Primavera Unifier Version 21.12.0-21.12.17", "product_id": "P-10354V-21.12.0-21.12.17" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 22.12.0-22.12.12", "product": { "name": "Primavera Unifier Version 22.12.0-22.12.12", "product_id": "P-10354V-22.12.0-22.12.12" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 23.12.0-23.12.3", "product": { "name": "Primavera Unifier Version 23.12.0-23.12.3", "product_id": "P-10354V-23.12.0-23.12.3" } } ], "category": "product_name", "name": "Primavera Unifier" } ], "category": "product_family", "name": "Oracle Construction and Engineering" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Database Configuration Assistant Version 19.3-19.22", "product": { "name": "Oracle Database Configuration Assistant Version 19.3-19.22", "product_id": "P-383V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle Database Configuration Assistant Version 21.3-21.13", "product": { "name": "Oracle Database Configuration Assistant Version 21.3-21.13", "product_id": "P-383V-21.3-21.13" } } ], "category": "product_name", "name": "Oracle Database Configuration Assistant" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Database Gateway for APPC Version 19.3-19.22", "product": { "name": "Oracle Database Gateway for APPC Version 19.3-19.22", "product_id": "P-774V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle Database Gateway for APPC Version 21.3-21.13", "product": { "name": "Oracle Database Gateway for APPC Version 21.3-21.13", "product_id": "P-774V-21.3-21.13" } } ], "category": "product_name", "name": "Oracle Database Gateway for APPC" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Database Server(Core RDBMS) Version 19.3-19.22", "product": { "name": "Oracle Database Server(Core RDBMS) Version 19.3-19.22", "product_id": "P-5(Core RDBMS)V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle Database Server(Global Service Manager) Version 19.3-19.22", "product": { "name": "Oracle Database Server(Global Service Manager) Version 19.3-19.22", "product_id": "P-5(Global Service Manager)V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 19.3-19.22", "product": { "name": "Oracle Database Server(Java VM) Version 19.3-19.22", "product_id": "P-5(Java VM)V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Sharding) Version 19.3-19.22", "product": { "name": "Oracle Database Server(Oracle Database Sharding) Version 19.3-19.22", "product_id": "P-5(Oracle Database Sharding)V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle Database Server(RDBMS) Version 19.3-19.22", "product": { "name": "Oracle Database Server(RDBMS) Version 19.3-19.22", "product_id": "P-5(RDBMS)V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle Database Server(SQLcl) Version 19.3-19.22", "product": { "name": "Oracle Database Server(SQLcl) Version 19.3-19.22", "product_id": "P-5(SQLcl)V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle Database Server(Security) Version 19.3-19.22", "product": { "name": "Oracle Database Server(Security) Version 19.3-19.22", "product_id": "P-5(Security)V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle Database Server(Unified Audit) Version 19.3-19.22", "product": { "name": "Oracle Database Server(Unified Audit) Version 19.3-19.22", "product_id": "P-5(Unified Audit)V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle Database Server(Core RDBMS) Version 21.3-21.13", "product": { "name": "Oracle Database Server(Core RDBMS) Version 21.3-21.13", "product_id": "P-5(Core RDBMS)V-21.3-21.13" } }, { "category": "product_version_range", "name": "Oracle Database Server(Global Service Manager) Version 21.3-21.13", "product": { "name": "Oracle Database Server(Global Service Manager) Version 21.3-21.13", "product_id": "P-5(Global Service Manager)V-21.3-21.13" } }, { "category": "product_version_range", "name": "Oracle Database Server(GraalVM Multilingual Engine) Version 21.3-21.13", "product": { "name": "Oracle Database Server(GraalVM Multilingual Engine) Version 21.3-21.13", "product_id": "P-5(GraalVM Multilingual Engine)V-21.3-21.13" } }, { "category": "product_version_range", "name": "Oracle Database Server(Grid Infrastructure) Version 21.3-21.13", "product": { "name": "Oracle Database Server(Grid Infrastructure) Version 21.3-21.13", "product_id": "P-5(Grid Infrastructure)V-21.3-21.13" } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 21.3-21.13", "product": { "name": "Oracle Database Server(Java VM) Version 21.3-21.13", "product_id": "P-5(Java VM)V-21.3-21.13" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Sharding) Version 21.3-21.13", "product": { "name": "Oracle Database Server(Oracle Database Sharding) Version 21.3-21.13", "product_id": "P-5(Oracle Database Sharding)V-21.3-21.13" } }, { "category": "product_version_range", "name": "Oracle Database Server(RDBMS) Version 21.3-21.13", "product": { "name": "Oracle Database Server(RDBMS) Version 21.3-21.13", "product_id": "P-5(RDBMS)V-21.3-21.13" } }, { "category": "product_version_range", "name": "Oracle Database Server(SQLcl) Version 21.3-21.13", "product": { "name": "Oracle Database Server(SQLcl) Version 21.3-21.13", "product_id": "P-5(SQLcl)V-21.3-21.13" } }, { "category": "product_version_range", "name": "Oracle Database Server(Security) Version 21.3-21.13", "product": { "name": "Oracle Database Server(Security) Version 21.3-21.13", "product_id": "P-5(Security)V-21.3-21.13" } }, { "category": "product_version_range", "name": "Oracle Database Server(Unified Audit) Version 21.3-21.13", "product": { "name": "Oracle Database Server(Unified Audit) Version 21.3-21.13", "product_id": "P-5(Unified Audit)V-21.3-21.13" } } ], "category": "product_name", "name": "Oracle Database Server" }, { "branches": [ { "category": "product_version_range", "name": "Oracle SQLcl Version 19.3-19.22", "product": { "name": "Oracle SQLcl Version 19.3-19.22", "product_id": "P-13824V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle SQLcl Version 21.3-21.13", "product": { "name": "Oracle SQLcl Version 21.3-21.13", "product_id": "P-13824V-21.3-21.13" } } ], "category": "product_name", "name": "Oracle SQLcl" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Spatial and Graph MapViewer Version 19.3-19.22", "product": { "name": "Oracle Spatial and Graph MapViewer Version 19.3-19.22", "product_id": "P-619V-19.3-19.22" } }, { "category": "product_version_range", "name": "Oracle Spatial and Graph MapViewer Version 21.3-21.13", "product": { "name": "Oracle Spatial and Graph MapViewer Version 21.3-21.13", "product_id": "P-619V-21.3-21.13" } } ], "category": "product_name", "name": "Oracle Spatial and Graph MapViewer" }, { "branches": [ { "category": "product_version_range", "name": "Universal Installer Version 19.3-19.22", "product": { "name": "Universal Installer Version 19.3-19.22", "product_id": "P-662V-19.3-19.22" } }, { "category": "product_version_range", "name": "Universal Installer Version 21.3-21.13", "product": { "name": "Universal Installer Version 21.3-21.13", "product_id": "P-662V-21.3-21.13" } } ], "category": "product_name", "name": "Universal Installer" } ], "category": "product_family", "name": "Oracle Database Server" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Applications Framework Version 12.2.9-12.2.13", "product": { "name": "Oracle Applications Framework Version 12.2.9-12.2.13", "product_id": "P-1472V-12.2.9-12.2.13" } } ], "category": "product_name", "name": "Oracle Applications Framework" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Applications Technology Stack Version 12.2.3-12.2.13", "product": { "name": "Oracle Applications Technology Stack Version 12.2.3-12.2.13", "product_id": "P-1745V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Applications Technology Stack" }, { "branches": [ { "category": "product_version_range", "name": "Oracle CRM Technical Foundation Version 12.2.3-12.2.13", "product": { "name": "Oracle CRM Technical Foundation Version 12.2.3-12.2.13", "product_id": "P-1199V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle CRM Technical Foundation" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Complex Maintenance, Repair, and Overhaul Version 12.2.3-12.2.13", "product": { "name": "Oracle Complex Maintenance, Repair, and Overhaul Version 12.2.3-12.2.13", "product_id": "P-1184V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Complex Maintenance, Repair, and Overhaul" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Concurrent Processing Version 12.2.3-12.2.13", "product": { "name": "Oracle Concurrent Processing Version 12.2.3-12.2.13", "product_id": "P-9303V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Concurrent Processing" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Installed Base Version 12.2.3-12.2.13", "product": { "name": "Oracle Installed Base Version 12.2.3-12.2.13", "product_id": "P-1118V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Installed Base" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Marketing Version 12.2.3-12.2.13", "product": { "name": "Oracle Marketing Version 12.2.3-12.2.13", "product_id": "P-229V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Marketing" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Partner Management Version 12.2.3-12.2.13", "product": { "name": "Oracle Partner Management Version 12.2.3-12.2.13", "product_id": "P-1065V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Partner Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Production Scheduling Version 12.2.4-12.2.12", "product": { "name": "Oracle Production Scheduling Version 12.2.4-12.2.12", "product_id": "P-1983V-12.2.4-12.2.12" } } ], "category": "product_name", "name": "Oracle Production Scheduling" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Trade Management Version 12.2.3-12.2.13", "product": { "name": "Oracle Trade Management Version 12.2.3-12.2.13", "product_id": "P-765V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Trade Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Web Applications Desktop Integrator Version 12.2.3-12.2.13", "product": { "name": "Oracle Web Applications Desktop Integrator Version 12.2.3-12.2.13", "product_id": "P-1171V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Web Applications Desktop Integrator" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Workflow Version 12.2.3-12.2.13", "product": { "name": "Oracle Workflow Version 12.2.3-12.2.13", "product_id": "P-174V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Workflow" } ], "category": "product_family", "name": "Oracle E-Business Suite" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Application Testing Suite Version 13.3.0.1", "product": { "name": "Oracle Application Testing Suite Version 13.3.0.1", "product_id": "P-4622V-13.3.0.1" } } ], "category": "product_name", "name": "Oracle Application Testing Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager Base Platform Version 13.5.0.0", "product_id": "P-1370V-13.5.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager Base Platform" } ], "category": "product_family", "name": "Oracle Enterprise Manager" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Essbase Version 21.5.4.0.0", "product": { "name": "Oracle Essbase Version 21.5.4.0.0", "product_id": "P-4379V-21.5.4.0.0" } } ], "category": "product_name", "name": "Oracle Essbase" } ], "category": "product_family", "name": "Oracle Essbase" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Banking APIs Version 19.1.0.0.0", "product": { "name": "Oracle Banking APIs Version 19.1.0.0.0", "product_id": "P-13676V-19.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 19.2.0.0.0", "product": { "name": "Oracle Banking APIs Version 19.2.0.0.0", "product_id": "P-13676V-19.2.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 21.1.0.0.0", "product": { "name": "Oracle Banking APIs Version 21.1.0.0.0", "product_id": "P-13676V-21.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 22.1.0.0.0", "product": { "name": "Oracle Banking APIs Version 22.1.0.0.0", "product_id": "P-13676V-22.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 22.2.0.0.0", "product": { "name": "Oracle Banking APIs Version 22.2.0.0.0", "product_id": "P-13676V-22.2.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking APIs" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Branch(Reports) Version 14.5.0.0.0", "product": { "name": "Oracle Banking Branch(Reports) Version 14.5.0.0.0", "product_id": "P-14324(Reports)V-14.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Branch Version 14.5.0.0.0", "product": { "name": "Oracle Banking Branch Version 14.5.0.0.0", "product_id": "P-14324V-14.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Branch(Reports) Version 14.6.0.0.0", "product": { "name": "Oracle Banking Branch(Reports) Version 14.6.0.0.0", "product_id": "P-14324(Reports)V-14.6.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Branch Version 14.6.0.0.0", "product": { "name": "Oracle Banking Branch Version 14.6.0.0.0", "product_id": "P-14324V-14.6.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Branch(Reports) Version 14.7.0.0.0", "product": { "name": "Oracle Banking Branch(Reports) Version 14.7.0.0.0", "product_id": "P-14324(Reports)V-14.7.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Branch Version 14.7.0.0.0", "product": { "name": "Oracle Banking Branch Version 14.7.0.0.0", "product_id": "P-14324V-14.7.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking Branch" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Cash Management(Accessibility) Version 14.5.0.0.0", "product": { "name": "Oracle Banking Cash Management(Accessibility) Version 14.5.0.0.0", "product_id": "P-14195(Accessibility)V-14.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Cash Management Version 14.5.0.0.0", "product": { "name": "Oracle Banking Cash Management Version 14.5.0.0.0", "product_id": "P-14195V-14.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Cash Management(Accessibility) Version 14.6.0.0.0", "product": { "name": "Oracle Banking Cash Management(Accessibility) Version 14.6.0.0.0", "product_id": "P-14195(Accessibility)V-14.6.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Cash Management Version 14.6.0.0.0", "product": { "name": "Oracle Banking Cash Management Version 14.6.0.0.0", "product_id": "P-14195V-14.6.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Cash Management(Accessibility) Version 14.7.0.0.0", "product": { "name": "Oracle Banking Cash Management(Accessibility) Version 14.7.0.0.0", "product_id": "P-14195(Accessibility)V-14.7.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Cash Management Version 14.7.0.0.0", "product": { "name": "Oracle Banking Cash Management Version 14.7.0.0.0", "product_id": "P-14195V-14.7.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking Cash Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Deposits and Lines of Credit Servicing Version 2.12.0.0.0", "product": { "name": "Oracle Banking Deposits and Lines of Credit Servicing Version 2.12.0.0.0", "product_id": "P-13928V-2.12.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking Deposits and Lines of Credit Servicing" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Digital Experience Version 19.1.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 19.1.0.0.0", "product_id": "P-12605V-19.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 19.2.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 19.2.0.0.0", "product_id": "P-12605V-19.2.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 21.1.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 21.1.0.0.0", "product_id": "P-12605V-21.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 22.1.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 22.1.0.0.0", "product_id": "P-12605V-22.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 22.2.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 22.2.0.0.0", "product_id": "P-12605V-22.2.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking Digital Experience" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Enterprise Default Management Version 2.12.0.0.0", "product": { "name": "Oracle Banking Enterprise Default Management Version 2.12.0.0.0", "product_id": "P-13390V-2.12.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Enterprise Default Management Version 2.7.0.0.0", "product": { "name": "Oracle Banking Enterprise Default Management Version 2.7.0.0.0", "product_id": "P-13390V-2.7.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking Enterprise Default Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Liquidity Management(Common) Version 14.5.0.0.0", "product": { "name": "Oracle Banking Liquidity Management(Common) Version 14.5.0.0.0", "product_id": "P-13304(Common)V-14.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.5.0.0.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.5.0.0.0", "product_id": "P-13304V-14.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management(Common) Version 14.6.0.0.0", "product": { "name": "Oracle Banking Liquidity Management(Common) Version 14.6.0.0.0", "product_id": "P-13304(Common)V-14.6.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.6.0.0.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.6.0.0.0", "product_id": "P-13304V-14.6.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management(Common) Version 14.7.0.0.0", "product": { "name": "Oracle Banking Liquidity Management(Common) Version 14.7.0.0.0", "product_id": "P-13304(Common)V-14.7.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.7.0.0.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.7.0.0.0", "product_id": "P-13304V-14.7.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management(Infrastructure) Version 14.7.0.3.0", "product": { "name": "Oracle Banking Liquidity Management(Infrastructure) Version 14.7.0.3.0", "product_id": "P-13304(Infrastructure)V-14.7.0.3.0" } } ], "category": "product_name", "name": "Oracle Banking Liquidity Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Loans Servicing Version 2.12.0.0.0", "product": { "name": "Oracle Banking Loans Servicing Version 2.12.0.0.0", "product_id": "P-13927V-2.12.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking Loans Servicing" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Origination(Basic Config/Maintenances) Version 14.5.0.0.0", "product": { "name": "Oracle Banking Origination(Basic Config/Maintenances) Version 14.5.0.0.0", "product_id": "P-14325(Basic Config/Maintenances)V-14.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Origination Version 14.5.0.0.0", "product": { "name": "Oracle Banking Origination Version 14.5.0.0.0", "product_id": "P-14325V-14.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Origination(Basic Config/Maintenances) Version 14.6.0.0.0", "product": { "name": "Oracle Banking Origination(Basic Config/Maintenances) Version 14.6.0.0.0", "product_id": "P-14325(Basic Config/Maintenances)V-14.6.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Origination Version 14.6.0.0.0", "product": { "name": "Oracle Banking Origination Version 14.6.0.0.0", "product_id": "P-14325V-14.6.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Origination(Basic Config/Maintenances) Version 14.7.0.0.0", "product": { "name": "Oracle Banking Origination(Basic Config/Maintenances) Version 14.7.0.0.0", "product_id": "P-14325(Basic Config/Maintenances)V-14.7.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Origination Version 14.7.0.0.0", "product": { "name": "Oracle Banking Origination Version 14.7.0.0.0", "product_id": "P-14325V-14.7.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking Origination" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Party Management Version 2.7.0.0.0", "product": { "name": "Oracle Banking Party Management Version 2.7.0.0.0", "product_id": "P-13929V-2.7.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking Party Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Platform Version 2.12.0.0.0", "product": { "name": "Oracle Banking Platform Version 2.12.0.0.0", "product_id": "P-9178V-2.12.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Platform Version 2.7.0.0.0", "product": { "name": "Oracle Banking Platform Version 2.7.0.0.0", "product_id": "P-9178V-2.7.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking Platform" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Virtual Account Management(Common Core) Version 14.5.0.0.0", "product": { "name": "Oracle Banking Virtual Account Management(Common Core) Version 14.5.0.0.0", "product_id": "P-13487(Common Core)V-14.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Virtual Account Management Version 14.5.0.0.0", "product": { "name": "Oracle Banking Virtual Account Management Version 14.5.0.0.0", "product_id": "P-13487V-14.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Virtual Account Management(Common Core) Version 14.6.0.0.0", "product": { "name": "Oracle Banking Virtual Account Management(Common Core) Version 14.6.0.0.0", "product_id": "P-13487(Common Core)V-14.6.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Virtual Account Management Version 14.6.0.0.0", "product": { "name": "Oracle Banking Virtual Account Management Version 14.6.0.0.0", "product_id": "P-13487V-14.6.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Virtual Account Management(Common Core) Version 14.7.0.0.0", "product": { "name": "Oracle Banking Virtual Account Management(Common Core) Version 14.7.0.0.0", "product_id": "P-13487(Common Core)V-14.7.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Virtual Account Management Version 14.7.0.0.0", "product": { "name": "Oracle Banking Virtual Account Management Version 14.7.0.0.0", "product_id": "P-13487V-14.7.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking Virtual Account Management" }, { "branches": [ { "category": "product_version", "name": "Oracle FLEXCUBE Private Banking Version 12.1.0.0.0", "product": { "name": "Oracle FLEXCUBE Private Banking Version 12.1.0.0.0", "product_id": "P-9110V-12.1.0.0.0" } } ], "category": "product_name", "name": "Oracle FLEXCUBE Private Banking" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 2.8.0.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 2.8.0.0.0", "product_id": "P-5322V-2.8.0.0.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 2.9.0.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 2.9.0.0.0", "product_id": "P-5322V-2.9.0.0.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 2.9.0.1.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 2.9.0.1.0", "product_id": "P-5322V-2.9.0.1.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 3.0.0.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 3.0.0.0.0", "product_id": "P-5322V-3.0.0.0.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 3.1.0.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 3.1.0.0.0", "product_id": "P-5322V-3.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 3.2.0.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 3.2.0.0.0", "product_id": "P-5322V-3.2.0.0.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 4.0.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 4.0.0.0", "product_id": "P-5322V-4.0.0.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 5.0.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 5.0.0.0", "product_id": "P-5322V-5.0.0.0" } } ], "category": "product_name", "name": "Oracle Financial Services Revenue Management and Billing" } ], "category": "product_family", "name": "Oracle Financial Services Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Hospitality Simphony Version 19.1.0-19.5.4", "product": { "name": "Oracle Hospitality Simphony Version 19.1.0-19.5.4", "product_id": "P-11594V-19.1.0-19.5.4" } } ], "category": "product_name", "name": "Oracle Hospitality Simphony" } ], "category": "product_family", "name": "Oracle Food and Beverage Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Access Manager Version 12.2.1.4.0", "product": { "name": "Oracle Access Manager Version 12.2.1.4.0", "product_id": "P-5565V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Access Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Coherence Version 12.2.1.4.0", "product": { "name": "Oracle Coherence Version 12.2.1.4.0", "product_id": "P-2545V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Coherence Version 14.1.1.0.0", "product": { "name": "Oracle Coherence Version 14.1.1.0.0", "product_id": "P-2545V-14.1.1.0.0" } } ], "category": "product_name", "name": "Oracle Coherence" }, { "branches": [ { "category": "product_version", "name": "Oracle Data Integrator Version 12.2.1.4.0", "product": { "name": "Oracle Data Integrator Version 12.2.1.4.0", "product_id": "P-2196V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Data Integrator" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Data Quality Version 12.2.1.4.0", "product": { "name": "Oracle Enterprise Data Quality Version 12.2.1.4.0", "product_id": "P-9464V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Enterprise Data Quality" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager for Fusion Middleware Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager for Fusion Middleware Version 13.5.0.0", "product_id": "P-1369V-13.5.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager for Fusion Middleware" }, { "branches": [ { "category": "product_version", "name": "Oracle Fusion Middleware MapViewer Version 12.2.1.4.0", "product": { "name": "Oracle Fusion Middleware MapViewer Version 12.2.1.4.0", "product_id": "P-1215V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Fusion Middleware MapViewer" }, { "branches": [ { "category": "product_version", "name": "Oracle Global Lifecycle Management NextGen OUI Framework Version 12.2.1.4.0", "product": { "name": "Oracle Global Lifecycle Management NextGen OUI Framework Version 12.2.1.4.0", "product_id": "P-12738V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Global Lifecycle Management NextGen OUI Framework" }, { "branches": [ { "category": "product_version", "name": "Oracle HTTP Server Version 12.2.1.4.0", "product": { "name": "Oracle HTTP Server Version 12.2.1.4.0", "product_id": "P-1042V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle HTTP Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Identity Manager Version 12.2.1.4.0", "product": { "name": "Oracle Identity Manager Version 12.2.1.4.0", "product_id": "P-1980V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Identity Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Identity Manager Connector Version 12.2.1.3.0", "product": { "name": "Oracle Identity Manager Connector Version 12.2.1.3.0", "product_id": "P-1999V-12.2.1.3.0" } } ], "category": "product_name", "name": "Oracle Identity Manager Connector" }, { "branches": [ { "category": "product_version", "name": "Oracle Internet Directory Version 12.2.1.4.0", "product": { "name": "Oracle Internet Directory Version 12.2.1.4.0", "product_id": "P-355V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Internet Directory" }, { "branches": [ { "category": "product_version", "name": "Oracle Managed File Transfer Version 12.2.1.4.0", "product": { "name": "Oracle Managed File Transfer Version 12.2.1.4.0", "product_id": "P-10198V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Managed File Transfer" }, { "branches": [ { "category": "product_version", "name": "Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0", "product": { "name": "Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0", "product_id": "P-4647V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Middleware Common Libraries and Tools Version 14.1.1.0.0", "product": { "name": "Oracle Middleware Common Libraries and Tools Version 14.1.1.0.0", "product_id": "P-4647V-14.1.1.0.0" } } ], "category": "product_name", "name": "Oracle Middleware Common Libraries and Tools" }, { "branches": [ { "category": "product_version", "name": "Oracle Outside In Technology Version 8.5.6", "product": { "name": "Oracle Outside In Technology Version 8.5.6", "product_id": "P-2276V-8.5.6" } }, { "category": "product_version", "name": "Oracle Outside In Technology Version 8.5.7", "product": { "name": "Oracle Outside In Technology Version 8.5.7", "product_id": "P-2276V-8.5.7" } } ], "category": "product_name", "name": "Oracle Outside In Technology" }, { "branches": [ { "category": "product_version", "name": "Oracle SOA Suite Version 12.2.1.4.0", "product": { "name": "Oracle SOA Suite Version 12.2.1.4.0", "product_id": "P-1162V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle SOA Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Web Services Manager Version 12.2.1.4.0", "product": { "name": "Oracle Web Services Manager Version 12.2.1.4.0", "product_id": "P-1775V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Web Services Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Content Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Content Version 12.2.1.4.0", "product_id": "P-2271V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle WebCenter Content" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Enterprise Capture Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Enterprise Capture Version 12.2.1.4.0", "product_id": "P-10212V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle WebCenter Enterprise Capture" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Portal Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Portal Version 12.2.1.4.0", "product_id": "P-1696V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle WebCenter Portal" }, { "branches": [ { "category": "product_version", "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product": { "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product_id": "P-5242V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product": { "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product_id": "P-5242V-14.1.1.0.0" } } ], "category": "product_name", "name": "Oracle WebLogic Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Weblogic Server Proxy Plug-in Version 12.2.1.4.0", "product": { "name": "Oracle Weblogic Server Proxy Plug-in Version 12.2.1.4.0", "product_id": "P-1042V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Weblogic Server Proxy Plug-in Version 14.1.1.0.0", "product": { "name": "Oracle Weblogic Server Proxy Plug-in Version 14.1.1.0.0", "product_id": "P-1042V-14.1.1.0.0" } } ], "category": "product_name", "name": "Oracle Weblogic Server Proxy Plug-in" } ], "category": "product_family", "name": "Oracle Fusion Middleware" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "OPatch Version Prior to 12.2.0.1.42", "product": { "name": "OPatch Version Prior to 12.2.0.1.42", "product_id": "P-12753V-Prior to 12.2.0.1.42" } } ], "category": "product_name", "name": "OPatch" }, { "branches": [ { "category": "product_version_range", "name": "OPatchAuto Version Prior to 12.2.0.1.42", "product": { "name": "OPatchAuto Version Prior to 12.2.0.1.42", "product_id": "P-12752V-Prior to 12.2.0.1.42" } } ], "category": "product_name", "name": "OPatchAuto" } ], "category": "product_family", "name": "Oracle Global Lifecycle Management" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle GoldenGate Version 19.1.0.0.0-19.22.0.0.240124", "product": { "name": "Oracle GoldenGate Version 19.1.0.0.0-19.22.0.0.240124", "product_id": "P-5757V-19.1.0.0.0-19.22.0.0.240124" } }, { "category": "product_version_range", "name": "Oracle GoldenGate Version 21.3-21.13", "product": { "name": "Oracle GoldenGate Version 21.3-21.13", "product_id": "P-5757V-21.3-21.13" } } ], "category": "product_name", "name": "Oracle GoldenGate" }, { "branches": [ { "category": "product_version_range", "name": "Oracle GoldenGate Stream Analytics Version 19.1.0.0.0-19.1.0.0.8", "product": { "name": "Oracle GoldenGate Stream Analytics Version 19.1.0.0.0-19.1.0.0.8", "product_id": "P-14015V-19.1.0.0.0-19.1.0.0.8" } } ], "category": "product_name", "name": "Oracle GoldenGate Stream Analytics" }, { "branches": [ { "category": "product_version", "name": "Oracle GoldenGate Studio Version 12.2.0.4.0", "product": { "name": "Oracle GoldenGate Studio Version 12.2.0.4.0", "product_id": "P-10945V-12.2.0.4.0" } } ], "category": "product_name", "name": "Oracle GoldenGate Studio" }, { "branches": [ { "category": "product_version_range", "name": "Oracle GoldenGate Veridata Version 12.2.1.4.0-12.2.1.4.230922", "product": { "name": "Oracle GoldenGate Veridata Version 12.2.1.4.0-12.2.1.4.230922", "product_id": "P-5758V-12.2.1.4.0-12.2.1.4.230922" } } ], "category": "product_name", "name": "Oracle GoldenGate Veridata" } ], "category": "product_family", "name": "Oracle GoldenGate" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Life Sciences Empirica Signal Version 9.1.0.53", "product": { "name": "Oracle Life Sciences Empirica Signal Version 9.1.0.53", "product_id": "P-9646V-9.1.0.53" } }, { "category": "product_version", "name": "Oracle Life Sciences Empirica Signal Version 9.2.0.53", "product": { "name": "Oracle Life Sciences Empirica Signal Version 9.2.0.53", "product_id": "P-9646V-9.2.0.53" } } ], "category": "product_name", "name": "Oracle Life Sciences Empirica Signal" } ], "category": "product_family", "name": "Oracle Health Sciences Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Healthcare Data Repository Version 8.1.0.0", "product": { "name": "Oracle Healthcare Data Repository Version 8.1.0.0", "product_id": "P-9161V-8.1.0.0" } }, { "category": "product_version", "name": "Oracle Healthcare Data Repository Version 8.1.1.0", "product": { "name": "Oracle Healthcare Data Repository Version 8.1.1.0", "product_id": "P-9161V-8.1.1.0" } }, { "category": "product_version", "name": "Oracle Healthcare Data Repository Version 8.1.2.0", "product": { "name": "Oracle Healthcare Data Repository Version 8.1.2.0", "product_id": "P-9161V-8.1.2.0" } }, { "category": "product_version", "name": "Oracle Healthcare Data Repository Version 8.1.3.0", "product": { "name": "Oracle Healthcare Data Repository Version 8.1.3.0", "product_id": "P-9161V-8.1.3.0" } }, { "category": "product_version", "name": "Oracle Healthcare Data Repository Version 8.1.3.2", "product": { "name": "Oracle Healthcare Data Repository Version 8.1.3.2", "product_id": "P-9161V-8.1.3.2" } }, { "category": "product_version", "name": "Oracle Healthcare Data Repository Version 8.1.3.4", "product": { "name": "Oracle Healthcare Data Repository Version 8.1.3.4", "product_id": "P-9161V-8.1.3.4" } } ], "category": "product_name", "name": "Oracle Healthcare Data Repository" } ], "category": "product_family", "name": "Oracle HealthCare Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 20.3.3", "product": { "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 20.3.3", "product_id": "P-11607V-20.3.3" } }, { "category": "product_version", "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 20.3.4", "product": { "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 20.3.4", "product_id": "P-11607V-20.3.4" } }, { "category": "product_version", "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 23.1.0", "product": { "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 23.1.0", "product_id": "P-11607V-23.1.0" } }, { "category": "product_version", "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 23.1.1", "product": { "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 23.1.1", "product_id": "P-11607V-23.1.1" } } ], "category": "product_name", "name": "Oracle Hospitality Cruise Shipboard Property Management System" } ], "category": "product_family", "name": "Oracle Hospitality Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Infrastructure Technology Version 11.2.16.0.000", "product": { "name": "Oracle Hyperion Infrastructure Technology Version 11.2.16.0.000", "product_id": "P-4392V-11.2.16.0.000" } } ], "category": "product_name", "name": "Oracle Hyperion Infrastructure Technology" }, { "branches": [ { "category": "product_version", "name": "Oracle Smart View for Office Version 11.2.16.0.000", "product": { "name": "Oracle Smart View for Office Version 11.2.16.0.000", "product_id": "P-4407V-11.2.16.0.000" } } ], "category": "product_name", "name": "Oracle Smart View for Office" } ], "category": "product_family", "name": "Oracle Hyperion" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Documaker Version 12.6", "product": { "name": "Oracle Documaker Version 12.6", "product_id": "P-5477V-12.6" } }, { "category": "product_version", "name": "Oracle Documaker Version 12.7", "product": { "name": "Oracle Documaker Version 12.7", "product_id": "P-5477V-12.7" } } ], "category": "product_name", "name": "Oracle Documaker" } ], "category": "product_family", "name": "Oracle Insurance Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:20.3.13", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:20.3.13", "product_id": "P-13497V-Oracle GraalVM Enterprise Edition:20.3.13" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:21.3.9", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:21.3.9", "product_id": "P-13497V-Oracle GraalVM Enterprise Edition:21.3.9" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:17.0.10", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:17.0.10", "product_id": "P-13497V-Oracle GraalVM for JDK:17.0.10" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:21.0.2", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:21.0.2", "product_id": "P-13497V-Oracle GraalVM for JDK:21.0.2" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:22", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:22", "product_id": "P-13497V-Oracle GraalVM for JDK:22" } } ], "category": "product_name", "name": "Oracle GraalVM for JDK" }, { "branches": [ { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:20.3.13", "product": { "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:20.3.13", "product_id": "P-856V-Oracle GraalVM Enterprise Edition:20.3.13" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:21.3.9", "product": { "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:21.3.9", "product_id": "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM for JDK:17.0.10", "product": { "name": "Oracle Java SE Version Oracle GraalVM for JDK:17.0.10", "product_id": "P-856V-Oracle GraalVM for JDK:17.0.10" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM for JDK:21.0.2", "product": { "name": "Oracle Java SE Version Oracle GraalVM for JDK:21.0.2", "product_id": "P-856V-Oracle GraalVM for JDK:21.0.2" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM for JDK:22", "product": { "name": "Oracle Java SE Version Oracle GraalVM for JDK:22", "product_id": "P-856V-Oracle GraalVM for JDK:22" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:11.0.22", "product": { "name": "Oracle Java SE Version Oracle Java SE:11.0.22", "product_id": "P-856V-Oracle Java SE:11.0.22" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:17.0.10", "product": { "name": "Oracle Java SE Version Oracle Java SE:17.0.10", "product_id": "P-856V-Oracle Java SE:17.0.10" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:21.0.2", "product": { "name": "Oracle Java SE Version Oracle Java SE:21.0.2", "product_id": "P-856V-Oracle Java SE:21.0.2" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:22", "product": { "name": "Oracle Java SE Version Oracle Java SE:22", "product_id": "P-856V-Oracle Java SE:22" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:8u401", "product": { "name": "Oracle Java SE Version Oracle Java SE:8u401", "product_id": "P-856V-Oracle Java SE:8u401" } }, { "category": "product_version_range", "name": "Oracle Java SE Version Oracle Java SE:8u401-perf", "product": { "name": "Oracle Java SE Version Oracle Java SE:8u401-perf", "product_id": "P-856V-Oracle Java SE:8u401-perf" } } ], "category": "product_name", "name": "Oracle Java SE" } ], "category": "product_family", "name": "Oracle Java SE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "MySQL Cluster Version 7.5.33 and prior", "product": { "name": "MySQL Cluster Version 7.5.33 and prior", "product_id": "P-8479V-7.5.33 and prior" } }, { "category": "product_version_range", "name": "MySQL Cluster Version 7.6.29 and prior", "product": { "name": "MySQL Cluster Version 7.6.29 and prior", "product_id": "P-8479V-7.6.29 and prior" } }, { "category": "product_version_range", "name": "MySQL Cluster Version 8.0.35 and prior", "product": { "name": "MySQL Cluster Version 8.0.35 and prior", "product_id": "P-8479V-8.0.35 and prior" } }, { "category": "product_version_range", "name": "MySQL Cluster Version 8.0.36 and prior", "product": { "name": "MySQL Cluster Version 8.0.36 and prior", "product_id": "P-8479V-8.0.36 and prior" } }, { "category": "product_version_range", "name": "MySQL Cluster Version 8.2.0 and prior", "product": { "name": "MySQL Cluster Version 8.2.0 and prior", "product_id": "P-8479V-8.2.0 and prior" } }, { "category": "product_version_range", "name": "MySQL Cluster Version 8.3.0 and prior", "product": { "name": "MySQL Cluster Version 8.3.0 and prior", "product_id": "P-8479V-8.3.0 and prior" } } ], "category": "product_name", "name": "MySQL Cluster" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Connectors(Connector/C++) Version 8.3.0 and prior", "product": { "name": "MySQL Connectors(Connector/C++) Version 8.3.0 and prior", "product_id": "P-8576(Connector/C++)V-8.3.0 and prior" } }, { "category": "product_version_range", "name": "MySQL Connectors(Connector/ODBC) Version 8.3.0 and prior", "product": { "name": "MySQL Connectors(Connector/ODBC) Version 8.3.0 and prior", "product_id": "P-8576(Connector/ODBC)V-8.3.0 and prior" } }, { "category": "product_version_range", "name": "MySQL Connectors Version 8.3.0 and prior", "product": { "name": "MySQL Connectors Version 8.3.0 and prior", "product_id": "P-8576V-8.3.0 and prior" } } ], "category": "product_name", "name": "MySQL Connectors" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Enterprise Backup Version 8.0.36 and prior", "product": { "name": "MySQL Enterprise Backup Version 8.0.36 and prior", "product_id": "P-4629V-8.0.36 and prior" } }, { "category": "product_version_range", "name": "MySQL Enterprise Backup Version 8.3.0 and prior", "product": { "name": "MySQL Enterprise Backup Version 8.3.0 and prior", "product_id": "P-4629V-8.3.0 and prior" } } ], "category": "product_name", "name": "MySQL Enterprise Backup" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Enterprise Monitor Version 8.0.37 and prior", "product": { "name": "MySQL Enterprise Monitor Version 8.0.37 and prior", "product_id": "P-8480V-8.0.37 and prior" } } ], "category": "product_name", "name": "MySQL Enterprise Monitor" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Server Version 8.0.34 and prior", "product": { "name": "MySQL Server Version 8.0.34 and prior", "product_id": "P-8478V-8.0.34 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.0.35 and prior", "product": { "name": "MySQL Server Version 8.0.35 and prior", "product_id": "P-8478V-8.0.35 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.0.36 and prior", "product": { "name": "MySQL Server Version 8.0.36 and prior", "product_id": "P-8478V-8.0.36 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.2.0 and prior", "product": { "name": "MySQL Server Version 8.2.0 and prior", "product_id": "P-8478V-8.2.0 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.3.0 and prior", "product": { "name": "MySQL Server Version 8.3.0 and prior", "product_id": "P-8478V-8.3.0 and prior" } } ], "category": "product_name", "name": "MySQL Server" } ], "category": "product_family", "name": "Oracle MySQL" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise CRM Client Management Version 9.2", "product": { "name": "PeopleSoft Enterprise CRM Client Management Version 9.2", "product_id": "P-4860V-9.2" } } ], "category": "product_name", "name": "PeopleSoft Enterprise CRM Client Management" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise HCM Benefits Administration Version 9.2", "product": { "name": "PeopleSoft Enterprise HCM Benefits Administration Version 9.2", "product_id": "P-5042V-9.2" } } ], "category": "product_name", "name": "PeopleSoft Enterprise HCM Benefits Administration" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.59", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.59", "product_id": "P-5085V-8.59" } }, { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.60", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.60", "product_id": "P-5085V-8.60" } }, { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.61", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.61", "product_id": "P-5085V-8.61" } } ], "category": "product_name", "name": "PeopleSoft Enterprise PeopleTools" } ], "category": "product_family", "name": "Oracle PeopleSoft" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Retail Assortment Planning Version 15.0.3", "product": { "name": "Oracle Retail Assortment Planning Version 15.0.3", "product_id": "P-1788V-15.0.3" } }, { "category": "product_version", "name": "Oracle Retail Assortment Planning Version 16.0.3", "product": { "name": "Oracle Retail Assortment Planning Version 16.0.3", "product_id": "P-1788V-16.0.3" } } ], "category": "product_name", "name": "Oracle Retail Assortment Planning" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Customer Management and Segmentation Foundation Version 19.0.0.9", "product": { "name": "Oracle Retail Customer Management and Segmentation Foundation Version 19.0.0.9", "product_id": "P-13388V-19.0.0.9" } } ], "category": "product_name", "name": "Oracle Retail Customer Management and Segmentation Foundation" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Integration Bus Version 14.1.3.2", "product": { "name": "Oracle Retail Integration Bus Version 14.1.3.2", "product_id": "P-1807V-14.1.3.2" } }, { "category": "product_version", "name": "Oracle Retail Integration Bus Version 15.0.3.1", "product": { "name": "Oracle Retail Integration Bus Version 15.0.3.1", "product_id": "P-1807V-15.0.3.1" } }, { "category": "product_version", "name": "Oracle Retail Integration Bus Version 16.0.3", "product": { "name": "Oracle Retail Integration Bus Version 16.0.3", "product_id": "P-1807V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Integration Bus Version 19.0.1", "product": { "name": "Oracle Retail Integration Bus Version 19.0.1", "product_id": "P-1807V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Integration Bus" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Merchandising System Version 14.1.3", "product": { "name": "Oracle Retail Merchandising System Version 14.1.3", "product_id": "P-1816V-14.1.3" } }, { "category": "product_version", "name": "Oracle Retail Merchandising System Version 15.0.3", "product": { "name": "Oracle Retail Merchandising System Version 15.0.3", "product_id": "P-1816V-15.0.3" } }, { "category": "product_version", "name": "Oracle Retail Merchandising System Version 16.0.3", "product": { "name": "Oracle Retail Merchandising System Version 16.0.3", "product_id": "P-1816V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Merchandising System Version 19.0.1", "product": { "name": "Oracle Retail Merchandising System Version 19.0.1", "product_id": "P-1816V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Merchandising System" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Sales Audit Version 14.1.3.1", "product": { "name": "Oracle Retail Sales Audit Version 14.1.3.1", "product_id": "P-1834V-14.1.3.1" } }, { "category": "product_version", "name": "Oracle Retail Sales Audit Version 15.0.3.1", "product": { "name": "Oracle Retail Sales Audit Version 15.0.3.1", "product_id": "P-1834V-15.0.3.1" } }, { "category": "product_version", "name": "Oracle Retail Sales Audit Version 16.0.3", "product": { "name": "Oracle Retail Sales Audit Version 16.0.3", "product_id": "P-1834V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Sales Audit Version 19.0.1", "product": { "name": "Oracle Retail Sales Audit Version 19.0.1", "product_id": "P-1834V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Sales Audit" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Service Backbone Version 14.1.3.2", "product": { "name": "Oracle Retail Service Backbone Version 14.1.3.2", "product_id": "P-10867V-14.1.3.2" } }, { "category": "product_version", "name": "Oracle Retail Service Backbone Version 15.0.3.1", "product": { "name": "Oracle Retail Service Backbone Version 15.0.3.1", "product_id": "P-10867V-15.0.3.1" } }, { "category": "product_version", "name": "Oracle Retail Service Backbone Version 16.0.3", "product": { "name": "Oracle Retail Service Backbone Version 16.0.3", "product_id": "P-10867V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Service Backbone Version 19.0.1", "product": { "name": "Oracle Retail Service Backbone Version 19.0.1", "product_id": "P-10867V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Service Backbone" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 19.0.5", "product": { "name": "Oracle Retail Xstore Point of Service Version 19.0.5", "product_id": "P-11513V-19.0.5" } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 20.0.4", "product": { "name": "Oracle Retail Xstore Point of Service Version 20.0.4", "product_id": "P-11513V-20.0.4" } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 21.0.3", "product": { "name": "Oracle Retail Xstore Point of Service Version 21.0.3", "product_id": "P-11513V-21.0.3" } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 22.0.1", "product": { "name": "Oracle Retail Xstore Point of Service Version 22.0.1", "product_id": "P-11513V-22.0.1" } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 23.0.1", "product": { "name": "Oracle Retail Xstore Point of Service Version 23.0.1", "product_id": "P-11513V-23.0.1" } } ], "category": "product_name", "name": "Oracle Retail Xstore Point of Service" } ], "category": "product_family", "name": "Oracle Retail Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Siebel Apps - Public Sector Version 23.7 and prior", "product": { "name": "Siebel Apps - Public Sector Version 23.7 and prior", "product_id": "P-9008V-23.7 and prior" } } ], "category": "product_name", "name": "Siebel Apps - Public Sector" } ], "category": "product_family", "name": "Oracle Siebel CRM" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Agile PLM Version 9.3.6", "product": { "name": "Oracle Agile PLM Version 9.3.6", "product_id": "P-4461V-9.3.6" } } ], "category": "product_name", "name": "Oracle Agile PLM" }, { "branches": [ { "category": "product_version", "name": "Oracle Agile Product Lifecycle Management for Process Version 6.2.4.2", "product": { "name": "Oracle Agile Product Lifecycle Management for Process Version 6.2.4.2", "product_id": "P-4445V-6.2.4.2" } } ], "category": "product_name", "name": "Oracle Agile Product Lifecycle Management for Process" }, { "branches": [ { "category": "product_version", "name": "Oracle Transportation Management Version 6.5.2", "product": { "name": "Oracle Transportation Management Version 6.5.2", "product_id": "P-1991V-6.5.2" } }, { "category": "product_version", "name": "Oracle Transportation Management Version 6.5.3", "product": { "name": "Oracle Transportation Management Version 6.5.3", "product_id": "P-1991V-6.5.3" } } ], "category": "product_name", "name": "Oracle Transportation Management" } ], "category": "product_family", "name": "Oracle Supply Chain" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "OSS Support Tools(DA - Diagnostic Assistant) Version 2.12.44", "product": { "name": "OSS Support Tools(DA - Diagnostic Assistant) Version 2.12.44", "product_id": "P-1330(DA - Diagnostic Assistant)V-2.12.44" } }, { "category": "product_version", "name": "OSS Support Tools(DA - Diagnostic Assistant) Version 2.12.45", "product": { "name": "OSS Support Tools(DA - Diagnostic Assistant) Version 2.12.45", "product_id": "P-1330(DA - Diagnostic Assistant)V-2.12.45" } }, { "category": "product_version", "name": "OSS Support Tools(RDA - Remote Diagnostic Agent) Version 23.1.23.1.17", "product": { "name": "OSS Support Tools(RDA - Remote Diagnostic Agent) Version 23.1.23.1.17", "product_id": "P-1330(RDA - Remote Diagnostic Agent)V-23.1.23.1.17" } }, { "category": "product_version", "name": "OSS Support Tools(STB - Services Tools Bundle) Version 23.1.23.1.17", "product": { "name": "OSS Support Tools(STB - Services Tools Bundle) Version 23.1.23.1.17", "product_id": "P-1330(STB - Services Tools Bundle)V-23.1.23.1.17" } }, { "category": "product_version", "name": "OSS Support Tools(RDA - Remote Diagnostic Agent) Version 24.1.24.1.16", "product": { "name": "OSS Support Tools(RDA - Remote Diagnostic Agent) Version 24.1.24.1.16", "product_id": "P-1330(RDA - Remote Diagnostic Agent)V-24.1.24.1.16" } }, { "category": "product_version", "name": "OSS Support Tools(STB - Services Tools Bundle) Version 24.1.24.1.16", "product": { "name": "OSS Support Tools(STB - Services Tools Bundle) Version 24.1.24.1.16", "product_id": "P-1330(STB - Services Tools Bundle)V-24.1.24.1.16" } } ], "category": "product_name", "name": "OSS Support Tools" } ], "category": "product_family", "name": "Oracle Support Tools" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Solaris Version 11", "product": { "name": "Oracle Solaris Version 11", "product_id": "P-10006V-11" } } ], "category": "product_name", "name": "Oracle Solaris" }, { "branches": [ { "category": "product_version", "name": "Oracle Solaris Cluster Version 4", "product": { "name": "Oracle Solaris Cluster Version 4", "product_id": "P-10005V-4" } } ], "category": "product_name", "name": "Oracle Solaris Cluster" }, { "branches": [ { "category": "product_version", "name": "Oracle StorageTek Tape Analytics (STA) Version 2.5", "product": { "name": "Oracle StorageTek Tape Analytics (STA) Version 2.5", "product_id": "P-10085V-2.5" } } ], "category": "product_name", "name": "Oracle StorageTek Tape Analytics (STA)" }, { "branches": [ { "category": "product_version", "name": "Oracle ZFS Storage Appliance Kit Version 8.8", "product": { "name": "Oracle ZFS Storage Appliance Kit Version 8.8", "product_id": "P-10026V-8.8" } } ], "category": "product_name", "name": "Oracle ZFS Storage Appliance Kit" } ], "category": "product_family", "name": "Oracle Systems" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle TimesTen In-Memory Database Version Prior to 22.1", "product": { "name": "Oracle TimesTen In-Memory Database Version Prior to 22.1", "product_id": "P-1870V-Prior to 22.1" } }, { "category": "product_version_range", "name": "Oracle TimesTen In-Memory Database Version Prior to 22.1.1.19.0", "product": { "name": "Oracle TimesTen In-Memory Database Version Prior to 22.1.1.19.0", "product_id": "P-1870V-Prior to 22.1.1.19.0" } }, { "category": "product_version_range", "name": "Oracle TimesTen In-Memory Database Version Prior to 22.1.1.23.0", "product": { "name": "Oracle TimesTen In-Memory Database Version Prior to 22.1.1.23.0", "product_id": "P-1870V-Prior to 22.1.1.23.0" } } ], "category": "product_name", "name": "Oracle TimesTen In-Memory Database" } ], "category": "product_family", "name": "Oracle TimesTen In-Memory Database" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Utilities Application Framework Version 4.3.0.3.0-4.3.0.6.0", "product": { "name": "Oracle Utilities Application Framework Version 4.3.0.3.0-4.3.0.6.0", "product_id": "P-2245V-4.3.0.3.0-4.3.0.6.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.0.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.0.0", "product_id": "P-2245V-4.4.0.0.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.2.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.2.0", "product_id": "P-2245V-4.4.0.2.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.3.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.3.0", "product_id": "P-2245V-4.4.0.3.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.5.0.0.0", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.0.0", "product_id": "P-2245V-4.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.5.0.1.1", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.1.1", "product_id": "P-2245V-4.5.0.1.1" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.5.0.1.2", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.1.2", "product_id": "P-2245V-4.5.0.1.2" } } ], "category": "product_name", "name": "Oracle Utilities Application Framework" }, { "branches": [ { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.3.0.2", "product": { "name": "Oracle Utilities Network Management System Version 2.3.0.2", "product_id": "P-2241V-2.3.0.2" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.4.0.1", "product": { "name": "Oracle Utilities Network Management System Version 2.4.0.1", "product_id": "P-2241V-2.4.0.1" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.5.0.1", "product": { "name": "Oracle Utilities Network Management System Version 2.5.0.1", "product_id": "P-2241V-2.5.0.1" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.5.0.2", "product": { "name": "Oracle Utilities Network Management System Version 2.5.0.2", "product_id": "P-2241V-2.5.0.2" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.6.0.0", "product": { "name": "Oracle Utilities Network Management System Version 2.6.0.0", "product_id": "P-2241V-2.6.0.0" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.6.0.0.4", "product": { "name": "Oracle Utilities Network Management System Version 2.6.0.0.4", "product_id": "P-2241V-2.6.0.0.4" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.6.0.1", "product": { "name": "Oracle Utilities Network Management System Version 2.6.0.1", "product_id": "P-2241V-2.6.0.1" } } ], "category": "product_name", "name": "Oracle Utilities Network Management System" } ], "category": "product_family", "name": "Oracle Utilities Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle VM VirtualBox Version Prior to 7.0.16", "product": { "name": "Oracle VM VirtualBox Version Prior to 7.0.16", "product_id": "P-8370V-Prior to 7.0.16" } } ], "category": "product_name", "name": "Oracle VM VirtualBox" } ], "category": "product_family", "name": "Oracle Virtualization" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-0231", "ids": [ { "system_name": "Oracle Bug ID of Oracle Access Manager", "text": "36277851" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Third Party (Apache Mina)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5565V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5565V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5565V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2019-10172", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Content", "text": "35998715" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: ADF UCM Application (jackson-mapper-asl)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2271V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2271V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-2271V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2019-13990", "ids": [ { "system_name": "Oracle Bug ID of Oracle Internet Directory", "text": "30623926" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager", "text": "36103221" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Internet Directory product of Oracle Fusion Middleware (component: Directory Integration Platform (Quartz)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Internet Directory. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (Quartz)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1980V-12.2.1.4.0", "P-355V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-355V-12.2.1.4.0", "P-1980V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-355V-12.2.1.4.0", "P-1980V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-25638", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "36416691" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (hibernate-core)). Supported versions that are affected are 4.3.0.3.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1 and 4.5.0.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Utilities Application Framework accessible data as well as unauthorized access to critical data or complete access to all Oracle Utilities Application Framework accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.1.2", "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.1.2", "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3013490.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.1.2", "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] } ] }, { "cve": "CVE-2020-29508", "ids": [ { "system_name": "Oracle Bug ID of Oracle StorageTek Tape Analytics (STA)", "text": "34732262" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle StorageTek Tape Analytics (STA) product of Oracle Systems (component: Application Server (Dell BSAFE Micro Edition Suite)). The supported version that is affected is 2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle StorageTek Tape Analytics (STA). Successful attacks of this vulnerability can result in takeover of Oracle StorageTek Tape Analytics (STA). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10085V-2.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10085V-2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10085V-2.5" ] } ] }, { "cve": "CVE-2020-35163", "ids": [ { "system_name": "Oracle Bug ID of Oracle StorageTek Tape Analytics (STA)", "text": "34732262" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle StorageTek Tape Analytics (STA) product of Oracle Systems (component: Application Server (Dell BSAFE Micro Edition Suite)). The supported version that is affected is 2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle StorageTek Tape Analytics (STA). Successful attacks of this vulnerability can result in takeover of Oracle StorageTek Tape Analytics (STA). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10085V-2.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10085V-2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10085V-2.5" ] } ] }, { "cve": "CVE-2020-35164", "ids": [ { "system_name": "Oracle Bug ID of Oracle StorageTek Tape Analytics (STA)", "text": "34732262" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle StorageTek Tape Analytics (STA) product of Oracle Systems (component: Application Server (Dell BSAFE Micro Edition Suite)). The supported version that is affected is 2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle StorageTek Tape Analytics (STA). Successful attacks of this vulnerability can result in takeover of Oracle StorageTek Tape Analytics (STA). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10085V-2.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10085V-2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10085V-2.5" ] } ] }, { "cve": "CVE-2020-35166", "ids": [ { "system_name": "Oracle Bug ID of Oracle StorageTek Tape Analytics (STA)", "text": "34732262" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle StorageTek Tape Analytics (STA) product of Oracle Systems (component: Application Server (Dell BSAFE Micro Edition Suite)). The supported version that is affected is 2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle StorageTek Tape Analytics (STA). Successful attacks of this vulnerability can result in takeover of Oracle StorageTek Tape Analytics (STA). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10085V-2.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10085V-2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10085V-2.5" ] } ] }, { "cve": "CVE-2020-35167", "ids": [ { "system_name": "Oracle Bug ID of Oracle StorageTek Tape Analytics (STA)", "text": "34732262" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle StorageTek Tape Analytics (STA) product of Oracle Systems (component: Application Server (Dell BSAFE Micro Edition Suite)). The supported version that is affected is 2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle StorageTek Tape Analytics (STA). Successful attacks of this vulnerability can result in takeover of Oracle StorageTek Tape Analytics (STA). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10085V-2.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10085V-2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10085V-2.5" ] } ] }, { "cve": "CVE-2020-35168", "ids": [ { "system_name": "Oracle Bug ID of Oracle StorageTek Tape Analytics (STA)", "text": "34732262" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle StorageTek Tape Analytics (STA) product of Oracle Systems (component: Application Server (Dell BSAFE Micro Edition Suite)). The supported version that is affected is 2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle StorageTek Tape Analytics (STA). Successful attacks of this vulnerability can result in takeover of Oracle StorageTek Tape Analytics (STA). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10085V-2.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10085V-2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10085V-2.5" ] } ] }, { "cve": "CVE-2020-8908", "ids": [ { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35883296" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Data Transforms (Jython)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Data Integrator executes to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Data Integrator accessible data as well as unauthorized access to critical data or complete access to all Oracle Data Integrator accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2196V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2196V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-23369", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "36069432" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (handlebars)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-23383", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "36069432" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (handlebars)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-28861", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35895486" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization (Python)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2021-36373", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "33176670" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Apache Ant)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris Cluster executes to compromise Oracle Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10005V-4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10005V-4" ] } ] }, { "cve": "CVE-2021-36374", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "33176670" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Apache Ant)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris Cluster executes to compromise Oracle Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10005V-4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10005V-4" ] } ] }, { "cve": "CVE-2021-36770", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Fusion Middleware", "text": "33501730" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: Provisioning (Perl)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1369V-13.5.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1369V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1369V-13.5.0.0" ] } ] }, { "cve": "CVE-2021-37533", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "35346784" }, { "system_name": "Oracle Bug ID of Oracle Communications Offline Mediation Controller", "text": "35346723" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise CRM Client Management", "text": "35346793" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications Applications (component: General (Apache Commons Net)). Supported versions that are affected are 12.0.0.1-12.0.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Communications Offline Mediation Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Offline Mediation Controller accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Apache Commons Net)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris Cluster accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise CRM Client Management product of Oracle PeopleSoft (component: Third Party (Apache Commons Net)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CRM Client Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CRM Client Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4860V-9.2", "P-10005V-4", "P-2269V-12.0.0.1-12.0.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2269V-12.0.0.1-12.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=3012567.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4860V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-10005V-4", "P-4860V-9.2", "P-2269V-12.0.0.1-12.0.0.8" ] } ] }, { "cve": "CVE-2021-41616", "ids": [ { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "36500834" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Enterprise Edition (Apache DB DdlUtils)). Supported versions that are affected are 12.6 and 12.7. Easily exploitable vulnerability allows high privileged attacker with network access via SQL to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5477V-12.7", "P-5477V-12.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3013639.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5477V-12.7", "P-5477V-12.6" ] } ] }, { "cve": "CVE-2021-43113", "ids": [ { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "36478788" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Enterprise Edition (iTextPDF)). Supported versions that are affected are 12.6 and 12.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Documaker executes to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5477V-12.7", "P-5477V-12.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3013639.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5477V-12.7", "P-5477V-12.6" ] } ] }, { "cve": "CVE-2022-1471", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "35038659" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35156475" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Third Party (SnakeYAML)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in takeover of Oracle SOA Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (SnakeYAML)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1162V-12.2.1.4.0" ], "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1162V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ] }, { "cve": "CVE-2022-23491", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35579905" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLST (Python)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0" ] } ] }, { "cve": "CVE-2022-24329", "ids": [ { "system_name": "Oracle Bug ID of Oracle Access Manager", "text": "36103295" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Third Party (JetBrains Kotlin)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5565V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5565V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-5565V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-24613", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "36193929" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch (metadata-extractor)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2022-24614", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "36193929" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch (metadata-extractor)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2022-24839", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "34696750" }, { "system_name": "Oracle Bug ID of Oracle StorageTek Tape Analytics (STA)", "text": "34696751" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (NekoHTML)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle StorageTek Tape Analytics (STA) product of Oracle Systems (component: Core (NekoHTML)). The supported version that is affected is 2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle StorageTek Tape Analytics (STA). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle StorageTek Tape Analytics (STA). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10085V-2.5", "P-10005V-4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10085V-2.5", "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10085V-2.5", "P-10005V-4" ] } ] }, { "cve": "CVE-2022-25147", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35723907" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache Portable Runtime Utility)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-31160", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Customer Management and Segmentation Foundation", "text": "36304037" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "35458661" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (jQueryUI)). The supported version that is affected is 3.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (jQueryUI)). The supported version that is affected is 19.0.0.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13388V-19.0.0.9", "P-5322V-3.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322V-3.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012792.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13388V-19.0.0.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3009818.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-13388V-19.0.0.9", "P-5322V-3.2.0.0.0" ] } ] }, { "cve": "CVE-2022-3171", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "34859677" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Google Protobuf-Java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ] }, { "cve": "CVE-2022-34169", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-619V-19.3-19.22", "P-619V-21.3-21.13" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Spatial and Graph MapViewer (Apache Xalan-Java)", "text": "36230174" }, { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "36230399" }, { "system_name": "Oracle Bug ID of Oracle Transportation Management", "text": "36230380" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "36230258" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Spatial and Graph MapViewer (Apache Xalan-Java) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: General (Apache Xalan-Java)). Supported versions that are affected are 7.4.0-7.4.2, 7.5.0 and 7.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Unified Inventory Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Install (Apache Xalan-Java)). The supported version that is affected is 6.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Clean Content SDK (Apache Xalan-Java)). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data. CVSS 3.1 Base Score 6.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0", "P-2276V-8.5.7", "P-4516V-7.5.1", "P-2276V-8.5.6", "P-1991V-6.5.2" ], "known_not_affected": [ "P-619V-21.3-21.13", "P-619V-19.3-19.22" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619V-19.3-19.22", "P-619V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0", "P-4516V-7.5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3012534.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1991V-6.5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013496.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-619V-19.3-19.22", "P-619V-21.3-21.13" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0", "P-4516V-7.5.1", "P-1991V-6.5.2" ] }, { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-619V-19.3-19.22", "P-619V-21.3-21.13" ] } ] }, { "cve": "CVE-2022-34381", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.0.4.0", "P-1870V-Prior to 22.1.1.23.0", "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] }, { "date": "2024-04-16T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-5757V-19.1.0.0.0-19.22.0.0.240124", "P-5757V-21.3-21.13" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Service Backbone", "text": "36299649" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "36299617" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36299619" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Veridata", "text": "36299634" }, { "system_name": "Oracle Bug ID of Oracle StorageTek Tape Analytics (STA)", "text": "36299656" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Integrity", "text": "36299613" }, { "system_name": "Oracle Bug ID of Oracle Weblogic Server Proxy Plug-in", "text": "36299668" }, { "system_name": "Oracle Bug ID of Oracle Retail Integration Bus", "text": "36299647" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "36299659" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate", "text": "36299630" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "36299632" }, { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "36299578" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (BSAFE Crypto-J)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Integrity product of Oracle Communications Applications (component: Platform (BSAFE Crypto-J)). The supported version that is affected is 7.3.6.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Integrity. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Integrity. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (BSAFE Crypto-J)). Supported versions that are affected are 7.4.0-7.4.2, 7.5.0 and 7.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the RDBMS (Dell BSAFE Crypto-J) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle GoldenGate (component: Oracle GoldenGate (BSAFE Crypto-J)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Studio (BSAFE Crypto-J)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (BSAFE Crypto-J)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (BSAFE Crypto-J)). Supported versions that are affected are 14.1.3.2, 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in takeover of Oracle Retail Integration Bus. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: Install (BSAFE Crypto-J)). Supported versions that are affected are 14.1.3.2, 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in takeover of Oracle Retail Service Backbone. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle StorageTek Tape Analytics (STA) product of Oracle Systems (component: Application Server (BSAFE Crypto-J)). The supported version that is affected is 2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle StorageTek Tape Analytics (STA). Successful attacks of this vulnerability can result in takeover of Oracle StorageTek Tape Analytics (STA). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: Cache (BSAFE Crypto-J)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Plugins (BSAFE Crypto-J)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Weblogic Server Proxy Plug-in. Successful attacks of this vulnerability can result in takeover of Oracle Weblogic Server Proxy Plug-in. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1", "P-10085V-2.5", "P-10867V-15.0.3.1", "P-1807V-19.0.1", "P-10867V-14.1.3.2", "P-1042V-12.2.1.4.0", "P-4516V-7.5.0", "P-4516V-7.5.1", "P-1807V-16.0.3", "P-10867V-16.0.3", "P-1042V-14.1.1.0.0", "P-1807V-15.0.3.1", "P-4491V-7.3.6.4", "P-4516V-7.4.0-7.4.2", "P-1807V-14.1.3.2", "P-10867V-19.0.1" ], "known_not_affected": [ "P-5757V-19.1.0.0.0-19.22.0.0.240124", "P-5757V-21.3-21.13", "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.0.4.0", "P-1870V-Prior to 22.1.1.23.0", "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3000006.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4491V-7.3.6.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3012566.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0", "P-4516V-7.5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3012534.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5757V-19.1.0.0.0-19.22.0.0.240124", "P-5757V-21.3-21.13", "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.0.4.0", "P-1870V-Prior to 22.1.1.23.0", "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10867V-15.0.3.1", "P-10867V-16.0.3", "P-1807V-19.0.1", "P-1807V-15.0.3.1", "P-10867V-14.1.3.2", "P-1807V-14.1.3.2", "P-10867V-19.0.1", "P-1807V-16.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3009818.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10085V-2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-14.1.1.0.0", "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1", "P-10085V-2.5", "P-10867V-15.0.3.1", "P-1807V-19.0.1", "P-10867V-14.1.3.2", "P-1042V-12.2.1.4.0", "P-4516V-7.5.0", "P-4516V-7.5.1", "P-1807V-16.0.3", "P-10867V-16.0.3", "P-1042V-14.1.1.0.0", "P-1807V-15.0.3.1", "P-4491V-7.3.6.4", "P-4516V-7.4.0-7.4.2", "P-1807V-14.1.3.2", "P-10867V-19.0.1" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5757V-19.1.0.0.0-19.22.0.0.240124", "P-5757V-21.3-21.13", "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.0.4.0", "P-1870V-Prior to 22.1.1.23.0", "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.0.4.0", "P-1870V-Prior to 22.1.1.23.0", "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] }, { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-5757V-19.1.0.0.0-19.22.0.0.240124", "P-5757V-21.3-21.13" ] } ] }, { "cve": "CVE-2022-36033", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "34897716" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (jsoup)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris Cluster, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris Cluster accessible data as well as unauthorized read access to a subset of Oracle Solaris Cluster accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10005V-4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-10005V-4" ] } ] }, { "cve": "CVE-2022-40152", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "36449194" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Keycloak)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14250V-23.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14250V-23.4.0" ] } ] }, { "cve": "CVE-2022-40896", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35766247" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35766245" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Pygments)). The supported version that is affected is 23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Repository Function executes to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installation and Configuration (Pygments)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Security Edge Protection Proxy executes to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.4.1", "P-14123V-23.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014191.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-23.4.1", "P-14123V-23.4.0" ] } ] }, { "cve": "CVE-2022-41704", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "34970696" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34970628" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Apache Batik)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris Cluster accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10005V-4", "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-10005V-4", "P-2025V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-41853", "ids": [ { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "36483723" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Enterprise Edition (HyperSQL Database)). Supported versions that are affected are 12.6 and 12.7. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Documaker executes to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5477V-12.7", "P-5477V-12.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3013639.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5477V-12.7", "P-5477V-12.6" ] } ] }, { "cve": "CVE-2022-42003", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "34811694" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "34811580" }, { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "36384615" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Third Party (jackson-databind)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (jackson-databind)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform (jackson-databind)). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9348V-11.3.1", "P-10005V-4", "P-9348V-11.3.2", "P-1999V-12.2.1.3.0", "P-9348V-11.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3013472.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9348V-11.3.1", "P-10005V-4", "P-9348V-11.3.2", "P-1999V-12.2.1.3.0", "P-9348V-11.3.0" ] } ] }, { "cve": "CVE-2022-42004", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "34811694" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "34811580" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Third Party (jackson-databind)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (jackson-databind)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10005V-4", "P-1999V-12.2.1.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10005V-4", "P-1999V-12.2.1.3.0" ] } ] }, { "cve": "CVE-2022-42889", "ids": [ { "system_name": "Oracle Bug ID of Oracle Healthcare Data Repository", "text": "34705852" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Healthcare Data Repository product of Oracle HealthCare Applications (component: FHIR (Apache Commons Text)). Supported versions that are affected are 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.3.0, 8.1.3.2 and 8.1.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Data Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9161V-8.1.3.2", "P-9161V-8.1.3.4", "P-9161V-8.1.1.0", "P-9161V-8.1.0.0", "P-9161V-8.1.3.0", "P-9161V-8.1.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9161V-8.1.3.2", "P-9161V-8.1.3.4", "P-9161V-8.1.1.0", "P-9161V-8.1.0.0", "P-9161V-8.1.3.0", "P-9161V-8.1.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012568.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9161V-8.1.3.2", "P-9161V-8.1.3.4", "P-9161V-8.1.1.0", "P-9161V-8.1.0.0", "P-9161V-8.1.3.0", "P-9161V-8.1.2.0" ] } ] }, { "cve": "CVE-2022-42890", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "34970696" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34970628" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Apache Batik)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris Cluster accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10005V-4", "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-10005V-4", "P-2025V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-42920", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle StorageTek Tape Analytics (STA)", "text": "35674183" }, { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "35674181" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Fusion Middleware", "text": "35674103" }, { "system_name": "Oracle Bug ID of Oracle Retail Assortment Planning", "text": "35674168" }, { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "35674034" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35674138" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Commons BCEL)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: Enterprise Manager Install (Apache Commons BCEL)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache Commons BCEL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Assortment Planning product of Oracle Retail Applications (component: Application Core (Apache Commons BCEL)). Supported versions that are affected are 15.0.3 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Assortment Planning. Successful attacks of this vulnerability can result in takeover of Oracle Retail Assortment Planning. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Apache Commons BCEL)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Oracle Solaris Cluster. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle StorageTek Tape Analytics (STA) product of Oracle Systems (component: Core (Apache Commons BCEL)). The supported version that is affected is 2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle StorageTek Tape Analytics (STA). Successful attacks of this vulnerability can result in takeover of Oracle StorageTek Tape Analytics (STA). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1", "P-10085V-2.5", "P-10005V-4", "P-1369V-13.5.0.0", "P-1788V-16.0.3", "P-1788V-15.0.3" ], "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3000006.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1369V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1788V-16.0.3", "P-1788V-15.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3009818.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10085V-2.5", "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1", "P-10085V-2.5", "P-10005V-4", "P-1369V-13.5.0.0", "P-1788V-16.0.3", "P-1788V-15.0.3" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ] }, { "cve": "CVE-2022-44729", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34970628" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-45378", "ids": [ { "system_name": "Oracle Bug ID of Oracle Web Services Manager", "text": "35453135" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: Third Party (Apache SOAP)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Web Services Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1775V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1775V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1775V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-45688", "ids": [ { "system_name": "Oracle Bug ID of Oracle Life Sciences Empirica Signal", "text": "35954750" }, { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "35655012" }, { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "36379993" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "35654947" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "35954669" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (JSON-java)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (JSON-java)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Third Party (JSON-java)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Health Sciences Applications (component: Core (JSON-java)). Supported versions that are affected are 9.1.0.53 and 9.2.0.53. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life Sciences Empirica Signal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Life Sciences Empirica Signal. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform (JSON-java)). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-23.1.0", "P-9348V-11.3.1", "P-10005V-4", "P-9348V-11.3.2", "P-9646V-9.1.0.53", "P-1999V-12.2.1.3.0", "P-9348V-11.3.0", "P-9646V-9.2.0.53" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014192.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9646V-9.1.0.53", "P-9646V-9.2.0.53" ], "url": "https://support.oracle.com/rs?type=doc&id=3012663.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3013472.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14117V-23.1.0", "P-9348V-11.3.1", "P-10005V-4", "P-9348V-11.3.2", "P-1999V-12.2.1.3.0", "P-9348V-11.3.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9646V-9.1.0.53", "P-9646V-9.2.0.53" ] } ] }, { "cve": "CVE-2022-46337", "ids": [ { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "36131967" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "36131944" }, { "system_name": "Oracle Bug ID of Oracle Retail Integration Bus", "text": "36131987" }, { "system_name": "Oracle Bug ID of Oracle Fusion Middleware MapViewer", "text": "36131985" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Private Banking", "text": "36131970" }, { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "36131937" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "36070487" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Derby)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Derby)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Third Party (Apache Derby)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (Apache Derby)). Supported versions that are affected are 12.6 and 12.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Miscellaneous (Apache Derby)). The supported version that is affected is 12.1.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Map Builder (Apache Derby)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in takeover of Oracle Fusion Middleware MapViewer. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Apache Derby)). Supported versions that are affected are 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in takeover of Oracle Retail Integration Bus. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1", "P-1807V-19.0.1", "P-5477V-12.7", "P-5477V-12.6", "P-1215V-12.2.1.4.0", "P-4647V-12.2.1.4.0", "P-9464V-12.2.1.4.0", "P-9110V-12.1.0.0.0", "P-1807V-16.0.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1215V-12.2.1.4.0", "P-4647V-12.2.1.4.0", "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3000006.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3013639.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9110V-12.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1807V-19.0.1", "P-1807V-16.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3009818.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1", "P-1807V-19.0.1", "P-5477V-12.7", "P-5477V-12.6", "P-1215V-12.2.1.4.0", "P-4647V-12.2.1.4.0", "P-9464V-12.2.1.4.0", "P-1807V-16.0.3" ] }, { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9110V-12.1.0.0.0" ] } ] }, { "cve": "CVE-2022-46364", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "36483776" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Endeca Integration (Apache CXF)). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3013472.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ] } ] }, { "cve": "CVE-2022-46751", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35787273" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache Ivy)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ] }, { "cve": "CVE-2022-48579", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "35806694" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core (unrar)). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data. CVSS 3.1 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ] } ] }, { "cve": "CVE-2023-0464", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35862243" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-0465", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35862243" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-0466", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35862243" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-0833", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "36278180" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Patch (OkHttp)). The supported version that is affected is 8.0.0.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Service Catalog and Design executes to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Service Catalog and Design accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2283V-8.0.0.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-8.0.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012565.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2283V-8.0.0.1.0" ] } ] }, { "cve": "CVE-2023-1108", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14117V-23.3.0", "P-14117V-23.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "36105777" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (Undertow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14117V-23.3.0", "P-14117V-23.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-23.3.0", "P-14117V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014192.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14117V-23.3.0", "P-14117V-23.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14117V-23.3.0", "P-14117V-23.4.0" ] } ] }, { "cve": "CVE-2023-1255", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35862243" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-1370", "ids": [ { "system_name": "Oracle Bug ID of OSS Support Tools", "text": "35223970" }, { "system_name": "Oracle Bug ID of OSS Support Tools", "text": "35224029" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35408086" }, { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "35408067" }, { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "35408138" }, { "system_name": "Oracle Bug ID of Oracle StorageTek Tape Analytics (STA)", "text": "35408139" }, { "system_name": "Oracle Bug ID of OSS Support Tools", "text": "35224023" } ], "notes": [ { "category": "description", "text": "Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: DA - Diagnostic Assistant (json-smart)). The supported version that is affected is 2.12.44. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OSS Support Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: RDA - Remote Diagnostic Agent (json-smart)). The supported version that is affected is 23.1.23.1.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OSS Support Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: STB - Services Tools Bundle (json-smart)). The supported version that is affected is 23.1.23.1.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OSS Support Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (json-smart)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Workbench (json-smart)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (json-smart)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle StorageTek Tape Analytics (STA) product of Oracle Systems (component: Core (json-smart)). The supported version that is affected is 2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle StorageTek Tape Analytics (STA). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle StorageTek Tape Analytics (STA). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1", "P-10085V-2.5", "P-10005V-4", "P-9633V-11.3.2", "P-1330(RDA - Remote Diagnostic Agent)V-23.1.23.1.17", "P-1330(STB - Services Tools Bundle)V-23.1.23.1.17", "P-1330(DA - Diagnostic Assistant)V-2.12.44" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1330(RDA - Remote Diagnostic Agent)V-23.1.23.1.17", "P-1330(STB - Services Tools Bundle)V-23.1.23.1.17", "P-1330(DA - Diagnostic Assistant)V-2.12.44" ], "url": "https://support.oracle.com/rs?type=doc&id=3014515.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3000006.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013472.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10085V-2.5", "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1", "P-10005V-4", "P-9633V-11.3.2", "P-1330(RDA - Remote Diagnostic Agent)V-23.1.23.1.17", "P-1330(STB - Services Tools Bundle)V-23.1.23.1.17", "P-1330(DA - Diagnostic Assistant)V-2.12.44" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-10085V-2.5" ] } ] }, { "cve": "CVE-2023-1436", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Sales Audit", "text": "35436256" }, { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "35436211" }, { "system_name": "Oracle Bug ID of Oracle StorageTek Tape Analytics (STA)", "text": "35436214" }, { "system_name": "Oracle Bug ID of Oracle Retail Merchandising System", "text": "36444673" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Jettison)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle StorageTek Tape Analytics (STA) product of Oracle Systems (component: Application Server (Jettison)). The supported version that is affected is 2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle StorageTek Tape Analytics (STA). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle StorageTek Tape Analytics (STA). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Sales Audit product of Oracle Retail Applications (component: Other (Jettison)). Supported versions that are affected are 14.1.3.1, 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Sales Audit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Sales Audit. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Security (Jettison)). Supported versions that are affected are 14.1.3, 15.0.3, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Merchandising System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10085V-2.5", "P-10005V-4", "P-1816V-14.1.3", "P-1834V-19.0.1", "P-1816V-15.0.3", "P-1834V-15.0.3.1", "P-1834V-16.0.3", "P-1816V-16.0.3", "P-1816V-19.0.1", "P-1834V-14.1.3.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10085V-2.5", "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1816V-14.1.3", "P-1834V-19.0.1", "P-1816V-15.0.3", "P-1834V-15.0.3.1", "P-1834V-16.0.3", "P-1816V-16.0.3", "P-1816V-19.0.1", "P-1834V-14.1.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3009818.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10085V-2.5", "P-10005V-4", "P-1816V-14.1.3", "P-1834V-19.0.1", "P-1816V-15.0.3", "P-1834V-15.0.3.1", "P-1834V-16.0.3", "P-1816V-16.0.3", "P-1816V-19.0.1", "P-1834V-14.1.3.1" ] } ] }, { "cve": "CVE-2023-20860", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Fusion Middleware", "text": "35407458" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: Install (Spring Framework)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1369V-13.5.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1369V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1369V-13.5.0.0" ] } ] }, { "cve": "CVE-2023-20861", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Fusion Middleware", "text": "35407458" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: Install (Spring Framework)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1369V-13.5.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1369V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1369V-13.5.0.0" ] } ] }, { "cve": "CVE-2023-20862", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-9110V-12.1.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Private Banking", "text": "35677933" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Miscellaneous (Spring Security)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-9110V-12.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9110V-12.1.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-9110V-12.1.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-9110V-12.1.0.0.0" ] } ] }, { "cve": "CVE-2023-20863", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "36380227" }, { "system_name": "Oracle Bug ID of Oracle Healthcare Data Repository", "text": "35351061" }, { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "35351092" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Healthcare Data Repository product of Oracle HealthCare Applications (component: FHIR (Spring Framework)). Supported versions that are affected are 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.3.0, 8.1.3.2 and 8.1.3.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Data Repository. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Spring Framework)). The supported version that is affected is 4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform (Spring Framework)). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Platform. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9161V-8.1.3.2", "P-9348V-11.3.1", "P-10005V-4", "P-9348V-11.3.2", "P-9161V-8.1.3.4", "P-9348V-11.3.0", "P-9161V-8.1.1.0", "P-9161V-8.1.0.0", "P-9161V-8.1.3.0", "P-9161V-8.1.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9161V-8.1.3.2", "P-9161V-8.1.3.4", "P-9161V-8.1.1.0", "P-9161V-8.1.0.0", "P-9161V-8.1.3.0", "P-9161V-8.1.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012568.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3013472.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9161V-8.1.3.2", "P-9348V-11.3.1", "P-10005V-4", "P-9348V-11.3.2", "P-9161V-8.1.3.4", "P-9348V-11.3.0", "P-9161V-8.1.1.0", "P-9161V-8.1.0.0", "P-9161V-8.1.3.0", "P-9161V-8.1.2.0" ] } ] }, { "cve": "CVE-2023-2283", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35548746" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (libssh)). Supported versions that are affected are 23.2.0 and 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Slice Selection Function accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Slice Selection Function accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014189.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] } ] }, { "cve": "CVE-2023-24021", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "36133959" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (ModSecurity)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-24998", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris Cluster", "text": "35170921" }, { "system_name": "Oracle Bug ID of Oracle Transportation Management", "text": "35170924" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35865329" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Apache Commons FileUpload)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Install (Apache Commons FileUpload)). The supported version that is affected is 6.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Transportation Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench (Apache Tomcat)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10005V-4", "P-1991V-6.5.2", "P-9633V-11.3.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10005V-4" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1991V-6.5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013496.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013472.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10005V-4", "P-1991V-6.5.2" ] }, { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9633V-11.3.2" ] } ] }, { "cve": "CVE-2023-2617", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35631761" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35631770" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (OpenCV)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (OpenCV)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-14195V-14.6.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14195V-14.5.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-14195V-14.6.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14195V-14.5.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-14195V-14.6.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14195V-14.5.0.0.0" ] } ] }, { "cve": "CVE-2023-2618", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35631761" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35631770" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (OpenCV)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (OpenCV)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-14195V-14.6.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14195V-14.5.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-14195V-14.6.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14195V-14.5.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-14195V-14.6.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14195V-14.5.0.0.0" ] } ] }, { "cve": "CVE-2023-2650", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35862243" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-27391", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Core RDBMS)V-19.3-19.22", "P-5(Core RDBMS)V-21.3-21.13" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36102295" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Core RDBMS (Integrated Performance Primitives) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Core RDBMS)V-19.3-19.22", "P-5(Core RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Core RDBMS)V-19.3-19.22", "P-5(Core RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Core RDBMS)V-19.3-19.22", "P-5(Core RDBMS)V-21.3-21.13" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Core RDBMS)V-19.3-19.22", "P-5(Core RDBMS)V-21.3-21.13" ] } ] }, { "cve": "CVE-2023-28708", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35865329" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench (Apache Tomcat)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013472.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9633V-11.3.2" ] } ] }, { "cve": "CVE-2023-28823", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Core RDBMS)V-19.3-19.22", "P-5(Core RDBMS)V-21.3-21.13" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36102295" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Core RDBMS (Integrated Performance Primitives) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Core RDBMS)V-19.3-19.22", "P-5(Core RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Core RDBMS)V-19.3-19.22", "P-5(Core RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Core RDBMS)V-19.3-19.22", "P-5(Core RDBMS)V-21.3-21.13" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Core RDBMS)V-19.3-19.22", "P-5(Core RDBMS)V-21.3-21.13" ] } ] }, { "cve": "CVE-2023-29081", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1870V-Prior to 22.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Smart View for Office", "text": "36303646" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "36303649" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Authentication (InstallShield)). The supported version that is affected is 11.2.16.0.000. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Smart View for Office executes to compromise Oracle Smart View for Office. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Smart View for Office. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: Cache (InstallShield)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4407V-11.2.16.0.000" ], "known_not_affected": [ "P-1870V-Prior to 22.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4407V-11.2.16.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 22.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4407V-11.2.16.0.000" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 22.1" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1870V-Prior to 22.1" ] } ] }, { "cve": "CVE-2023-29499", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-856V-Oracle Java SE:8u401" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35929208" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Java SE (component: JavaFX (glibc)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-856V-Oracle Java SE:8u401" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:8u401" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:8u401" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-856V-Oracle Java SE:8u401" ] } ] }, { "cve": "CVE-2023-2975", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35862243" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-2976", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.5.4.0.0", "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-13940V-9.1.1.7.0", "P-10945V-12.2.0.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "35770292" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "36374919" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35579905" }, { "system_name": "Oracle Bug ID of Siebel Apps - Public Sector", "text": "35770219" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "35770119" }, { "system_name": "Oracle Bug ID of Oracle Healthcare Data Repository", "text": "35770259" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35696132" }, { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "35770212" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "35770256" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35770176" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35770220" }, { "system_name": "Oracle Bug ID of Oracle Communications Offline Mediation Controller", "text": "35770231" }, { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35883296" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLST (Python)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization, Installation (Google Guava)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Google Cloud Connector (Google Guava)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Identity Manager Connector executes to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Workbench (Google Guava)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Commerce Guided Search executes to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Guided Search accessible data as well as unauthorized access to critical data or complete access to all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Google Guava)). Supported versions that are affected are 19.0.5, 20.0.4, 21.0.3, 22.0.1 and 23.0.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Xstore Point of Service executes to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel Apps - Public Sector product of Oracle Siebel CRM (component: Other (Google Guava)). Supported versions that are affected are 23.7 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel Apps - Public Sector executes to compromise Siebel Apps - Public Sector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel Apps - Public Sector accessible data as well as unauthorized access to critical data or complete access to all Siebel Apps - Public Sector accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Stream Analytics (Google Guava)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications Applications (component: General (Google Guava)). Supported versions that are affected are 12.0.0.1-12.0.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Offline Mediation Controller executes to compromise Oracle Communications Offline Mediation Controller. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Offline Mediation Controller accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Offline Mediation Controller accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Studio (Google Guava)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Healthcare Data Repository product of Oracle HealthCare Applications (component: FHIR (Google Guava)). Supported versions that are affected are 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.3.0, 8.1.3.2 and 8.1.3.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Healthcare Data Repository executes to compromise Oracle Healthcare Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Healthcare Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Healthcare Data Repository accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle SD-WAN Edge product of Oracle Communications (component: User Interface (Google Guava)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Data Transforms (Jython)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Data Integrator executes to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Data Integrator accessible data as well as unauthorized access to critical data or complete access to all Oracle Data Integrator accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Apache Calcite)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9008V-23.7 and prior", "P-9161V-8.1.3.2", "P-11513V-20.0.4", "P-1999V-12.2.1.3.0", "P-11513V-19.0.5", "P-9161V-8.1.3.4", "P-11513V-22.0.1", "P-9161V-8.1.1.0", "P-9161V-8.1.0.0", "P-9161V-8.1.3.0", "P-9161V-8.1.2.0", "P-2269V-12.0.0.1-12.0.0.8", "P-9633V-11.3.2", "P-11513V-21.0.3", "P-5242V-14.1.1.0.0", "P-2196V-12.2.1.4.0", "P-11513V-23.0.1", "P-2025V-7.0.0.0.0" ], "known_not_affected": [ "P-10945V-12.2.0.4.0", "P-4379V-21.5.4.0.0", "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-13940V-9.1.1.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.3.0", "P-5242V-14.1.1.0.0", "P-2196V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013472.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-20.0.4", "P-11513V-19.0.5", "P-11513V-21.0.3", "P-11513V-22.0.1", "P-11513V-23.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3009818.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-23.7 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3013495.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.5.4.0.0", "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-10945V-12.2.0.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2269V-12.0.0.1-12.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=3012567.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9161V-8.1.3.2", "P-9161V-8.1.3.4", "P-9161V-8.1.1.0", "P-9161V-8.1.0.0", "P-9161V-8.1.3.0", "P-9161V-8.1.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012568.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014178.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9008V-23.7 and prior", "P-9161V-8.1.3.2", "P-11513V-20.0.4", "P-1999V-12.2.1.3.0", "P-11513V-19.0.5", "P-9161V-8.1.3.4", "P-11513V-22.0.1", "P-9161V-8.1.1.0", "P-9161V-8.1.0.0", "P-9161V-8.1.3.0", "P-9161V-8.1.2.0", "P-2269V-12.0.0.1-12.0.0.8", "P-9633V-11.3.2", "P-11513V-21.0.3", "P-5242V-14.1.1.0.0", "P-2196V-12.2.1.4.0", "P-11513V-23.0.1", "P-2025V-7.0.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.5.4.0.0", "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-10945V-12.2.0.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13940V-9.1.1.7.0" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.5.4.0.0", "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-13940V-9.1.1.7.0", "P-10945V-12.2.0.4.0" ] } ] }, { "cve": "CVE-2023-31122", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35965685" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35965686" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "36293028" }, { "system_name": "Oracle Bug ID of Oracle Communications Fraud Monitor", "text": "35965683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Fraud Monitor product of Oracle Communications (component: Mediation Engine (Apache HTTP Server)). Supported versions that are affected are 5.0, 5.1 and 5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Fraud Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Fraud Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Apache HTTP Server)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General (Apache HTTP Server)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Third Party (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10770V-9.0.0-9.0.2", "P-1042V-12.2.1.4.0", "P-11052V-9.0.0-9.0.2", "P-10763V-5.0", "P-10763V-5.1", "P-10763V-5.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10763V-5.0", "P-10763V-5.1", "P-10763V-5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014199.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014179.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014180.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10770V-9.0.0-9.0.2", "P-1042V-12.2.1.4.0", "P-11052V-9.0.0-9.0.2", "P-10763V-5.0", "P-10763V-5.1", "P-10763V-5.2" ] } ] }, { "cve": "CVE-2023-3223", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14117V-23.3.0", "P-14117V-23.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "36105777" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (Undertow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14117V-23.3.0", "P-14117V-23.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-23.3.0", "P-14117V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014192.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14117V-23.3.0", "P-14117V-23.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14117V-23.3.0", "P-14117V-23.4.0" ] } ] }, { "cve": "CVE-2023-32611", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-856V-Oracle Java SE:8u401" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35929208" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Java SE (component: JavaFX (glibc)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-856V-Oracle Java SE:8u401" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:8u401" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:8u401" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-856V-Oracle Java SE:8u401" ] } ] }, { "cve": "CVE-2023-32636", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-856V-Oracle Java SE:8u401" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35929208" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Java SE (component: JavaFX (glibc)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-856V-Oracle Java SE:8u401" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:8u401" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:8u401" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-856V-Oracle Java SE:8u401" ] } ] }, { "cve": "CVE-2023-32643", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-856V-Oracle Java SE:8u401" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35929208" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Java SE (component: JavaFX (glibc)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-856V-Oracle Java SE:8u401" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:8u401" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:8u401" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-856V-Oracle Java SE:8u401" ] } ] }, { "cve": "CVE-2023-32665", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-856V-Oracle Java SE:8u401" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35929208" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Java SE (component: JavaFX (glibc)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-856V-Oracle Java SE:8u401" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:8u401" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:8u401" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-856V-Oracle Java SE:8u401" ] } ] }, { "cve": "CVE-2023-33201", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Party Management", "text": "35761784" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "35761798" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35761865" }, { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "35870339" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "35761803" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (Bouncy Castle Java Library)). The supported version that is affected is 2.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Party Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Bouncy Castle Java Library)). Supported versions that are affected are 23.2.0, 23.3.1 and 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Function Cloud Native Environment accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (Bouncy Castle Java Library)). The supported version that is affected is 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Service Communication Proxy accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Bouncy Castle Java Library)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Third Party (Bouncy Castle Java Library)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle SOA Suite accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.3.1", "P-14125V-23.4.0", "P-13929V-2.7.0.0.0", "P-14117V-23.3.0", "P-5242V-14.1.1.0.0", "P-14125V-23.2.0", "P-5242V-12.2.1.4.0", "P-1162V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13929V-2.7.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012768.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.3.1", "P-14125V-23.4.0", "P-14125V-23.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014192.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0", "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-23.3.1", "P-14125V-23.4.0", "P-13929V-2.7.0.0.0", "P-14117V-23.3.0", "P-5242V-14.1.1.0.0", "P-14125V-23.2.0", "P-5242V-12.2.1.4.0", "P-1162V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-33202", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35761865" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Bouncy Castle Java Library)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-34034", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-9110V-12.1.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Private Banking", "text": "35677933" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Miscellaneous (Spring Security)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-9110V-12.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9110V-12.1.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-9110V-12.1.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-9110V-12.1.0.0.0" ] } ] }, { "cve": "CVE-2023-34035", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-9110V-12.1.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Private Banking", "text": "35677933" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Miscellaneous (Spring Security)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-9110V-12.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9110V-12.1.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-9110V-12.1.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-9110V-12.1.0.0.0" ] } ] }, { "cve": "CVE-2023-34053", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "36110675" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "36110647" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Spring Framework)). The supported version that is affected is 24.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Management Cloud Engine. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Security (Spring Framework)). Supported versions that are affected are 12.0.0.4-12.0.0.8 and 15.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9742V-15.0.0.0", "P-14252V-24.1.0.0.0", "P-9742V-12.0.0.4-12.0.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-24.1.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014201.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4-12.0.0.8", "P-9742V-15.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012531.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14252V-24.1.0.0.0", "P-9742V-12.0.0.4-12.0.0.8", "P-9742V-15.0.0.0" ] } ] }, { "cve": "CVE-2023-34055", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "36101532" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "36101556" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "36101533" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "36101529" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "36101539" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36101535" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Third Party (Spring Boot)). The supported version that is affected is 24.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Data Analytics Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Spring Boot)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (Spring Boot)). The supported version that is affected is 23.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install/Upgrade (Spring Boot)). The supported version that is affected is 23.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: General (Spring Boot)). Supported versions that are affected are 7.4.1 and 7.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: User Interface (Spring Boot)). The supported version that is affected is 9.1.1.7.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-23.2.2", "P-13940V-9.1.1.7.0", "P-14489V-24.1.0", "P-14119V-23.2.0", "P-4516V-7.4.1", "P-4516V-7.4.2", "P-14123V-23.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014203.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014191.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-23.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014192.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014196.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.1", "P-4516V-7.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3012534.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014178.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14117V-23.2.2", "P-13940V-9.1.1.7.0", "P-14489V-24.1.0", "P-14119V-23.2.0", "P-4516V-7.4.1", "P-4516V-7.4.2", "P-14123V-23.4.0" ] } ] }, { "cve": "CVE-2023-3446", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35761123" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35862243" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Installation (OpenSSL)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0" ] }, { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-34981", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "35627542" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Tomcat)). Supported versions that are affected are 19.0.5, 20.0.4, 21.0.3, 22.0.1 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11513V-20.0.4", "P-11513V-19.0.5", "P-11513V-21.0.3", "P-11513V-22.0.1", "P-11513V-23.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-20.0.4", "P-11513V-19.0.5", "P-11513V-21.0.3", "P-11513V-22.0.1", "P-11513V-23.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3009818.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-11513V-20.0.4", "P-11513V-19.0.5", "P-11513V-21.0.3", "P-11513V-22.0.1", "P-11513V-23.0.1" ] } ] }, { "cve": "CVE-2023-35116", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14634V-Prior to 24.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Identity Manager", "text": "36376218" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "36149493" }, { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "36283905" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (jackson-databind)). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: CLI AND SDK (jackson-databind)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Identity Manager executes to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager. CVSS 3.1 Base Score 4.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-12.2.1.4.0", "P-1980V-12.2.1.4.0" ], "known_not_affected": [ "P-14634V-Prior to 24.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-Prior to 24.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1980V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-1980V-12.2.1.4.0", "P-2025V-7.0.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-Prior to 24.2" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14634V-Prior to 24.2" ] } ] }, { "cve": "CVE-2023-35141", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35863167" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014189.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] } ] }, { "cve": "CVE-2023-35887", "ids": [ { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35633712" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Users, roles, credentials, security (Apache Mina)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Data Integrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2196V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2196V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-3635", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Enterprise Capture", "text": "35775292" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Third Party (Okio)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Enterprise Capture. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10212V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10212V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10212V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-36478", "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Private Banking", "text": "35999001" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "36127614" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35998966" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35998964" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35998975" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36127611" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35998971" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "36149031" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35998991" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "36127616" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Eclipse Jetty)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Miscellaneous (Eclipse Jetty)). The supported version that is affected is 12.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). The supported version that is affected is 23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Jenkins)). The supported version that is affected is 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (Jenkins)). The supported version that is affected is 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Basic Config/Maintenances (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14324V-14.5.0.0.0", "P-14118V-23.4.1", "P-14117V-23.3.0", "P-14325V-14.5.0.0.0", "P-14195V-14.6.0.0.0", "P-9110V-12.1.0.0.0", "P-14195V-14.5.0.0.0", "P-10899V-9.0.0.0", "P-13304V-14.5.0.0.0", "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-14324V-14.7.0.0.0", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14325V-14.6.0.0.0", "P-14123V-23.3.0", "P-14324V-14.6.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14324V-14.5.0.0.0", "P-14325V-14.5.0.0.0", "P-14195V-14.6.0.0.0", "P-9110V-12.1.0.0.0", "P-14195V-14.5.0.0.0", "P-13304V-14.5.0.0.0", "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-14324V-14.7.0.0.0", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14325V-14.6.0.0.0", "P-14324V-14.6.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014176.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014191.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014192.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14324V-14.5.0.0.0", "P-14118V-23.4.1", "P-14117V-23.3.0", "P-14325V-14.5.0.0.0", "P-14195V-14.6.0.0.0", "P-9110V-12.1.0.0.0", "P-14195V-14.5.0.0.0", "P-10899V-9.0.0.0", "P-13304V-14.5.0.0.0", "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-14324V-14.7.0.0.0", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14325V-14.6.0.0.0", "P-14123V-23.3.0", "P-14324V-14.6.0.0.0" ] } ] }, { "cve": "CVE-2023-36479", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35998991" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Eclipse Jetty)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014176.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0" ] } ] }, { "cve": "CVE-2023-36632", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36097286" } ], "notes": [ { "category": "description", "text": "Vulnerability in the RDBMS (Python) component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise RDBMS (Python). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of RDBMS (Python). CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(RDBMS)V-21.3-21.13" ] } ] }, { "cve": "CVE-2023-37536", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "inline_mitigations_already_exist", "product_ids": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.0.4" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "35955500" }, { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "35955495" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "35955460" }, { "system_name": "Oracle Bug ID of Oracle Access Manager", "text": "35955438" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Webserver Plugin (Apache Xerces-C++)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (Apache Xerces-C++)). Supported versions that are affected are 12.6 and 12.7. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Documaker executes to compromise Oracle Documaker. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Documaker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Documaker. CVSS 3.1 Base Score 2.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Third Party (Apache Xerces-C++)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in takeover of Oracle SOA Suite. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: Internal Operations (Apache Xerces-C++)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5565V-12.2.1.4.0", "P-5477V-12.7", "P-1162V-12.2.1.4.0", "P-5477V-12.6" ], "known_not_affected": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.0.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5565V-12.2.1.4.0", "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3013639.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3013490.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5565V-12.2.1.4.0", "P-1162V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-5477V-12.7", "P-5477V-12.6" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.0.4" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability.", "product_ids": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.0.4" ] } ] }, { "cve": "CVE-2023-38039", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "36253652" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (curl)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-3817", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35761123" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35862243" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Installation (OpenSSL)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0" ] }, { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-38325", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36358826" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36358835" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-23.4.0-23.4.2", "P-14121V-23.4.0-23.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2" ] } ] }, { "cve": "CVE-2023-38545", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "36253652" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (curl)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-38546", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "36253652" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (curl)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-39151", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35863167" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014189.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] } ] }, { "cve": "CVE-2023-39975", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-5(Security)V-19.3-19.22", "P-5(Security)V-21.3-21.13" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35786885" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Security (Kerberos) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Security)V-19.3-19.22", "P-5(Security)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Security)V-19.3-19.22", "P-5(Security)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Security)V-19.3-19.22", "P-5(Security)V-21.3-21.13" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-5(Security)V-19.3-19.22", "P-5(Security)V-21.3-21.13" ] } ] }, { "cve": "CVE-2023-4016", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36100175" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36095577" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (procps)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (procps)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-23.4.0-23.4.2", "P-14121V-23.4.0-23.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2" ] } ] }, { "cve": "CVE-2023-40167", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35998991" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Eclipse Jetty)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014176.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0" ] } ] }, { "cve": "CVE-2023-40217", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36097286" } ], "notes": [ { "category": "description", "text": "Vulnerability in the RDBMS (Python) component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise RDBMS (Python). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of RDBMS (Python). CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(RDBMS)V-21.3-21.13" ] } ] }, { "cve": "CVE-2023-4043", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "36175320" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "36278187" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (Eclipse Parsson)). The supported version that is affected is 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Patch (Eclipse Parsson)). The supported version that is affected is 8.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2283V-8.0.0.1.0", "P-5085V-8.61" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-8.0.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012565.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2283V-8.0.0.1.0", "P-5085V-8.61" ] } ] }, { "cve": "CVE-2023-41056", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36217373" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "36217372" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "36217380" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Third Party (Redis)). The supported version that is affected is 24.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Data Analytics Function. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Redis)). The supported version that is affected is 23.4.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Infrastructure (Redis)). Supported versions that are affected are 5.0, 5.1 and 5.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-5.0", "P-14489V-24.1.0", "P-14118V-23.4.1", "P-10761V-5.1", "P-10761V-5.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014203.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-5.0", "P-10761V-5.1", "P-10761V-5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014202.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10761V-5.0", "P-14118V-23.4.1", "P-10761V-5.1", "P-10761V-5.2", "P-14489V-24.1.0" ] } ] }, { "cve": "CVE-2023-41074", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "36198187" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] } ] }, { "cve": "CVE-2023-41080", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35865329" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench (Apache Tomcat)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013472.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9633V-11.3.2" ] } ] }, { "cve": "CVE-2023-41105", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36097286" } ], "notes": [ { "category": "description", "text": "Vulnerability in the RDBMS (Python) component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise RDBMS (Python). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of RDBMS (Python). CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(RDBMS)V-21.3-21.13" ] } ] }, { "cve": "CVE-2023-41900", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35998991" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Eclipse Jetty)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014176.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0" ] } ] }, { "cve": "CVE-2023-41993", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "36198187" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] } ] }, { "cve": "CVE-2023-42282", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14277V-23.4.0-23.4.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36358955" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Node.js)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14277V-23.4.0-23.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14277V-23.4.0-23.4.2" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14277V-23.4.0-23.4.2" ] } ] }, { "cve": "CVE-2023-42503", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-383V-21.3-21.13", "P-383V-19.3-19.22" ] }, { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-12753V-Prior to 12.2.0.1.42" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Life Sciences Empirica Signal", "text": "35853185" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "35853142" }, { "system_name": "Oracle Bug ID of Oracle Banking Party Management", "text": "35853101" }, { "system_name": "Oracle Bug ID of OPatch", "text": "36323271" }, { "system_name": "Oracle Bug ID of Oracle Transportation Management", "text": "36344288" }, { "system_name": "Oracle Bug ID of Oracle Database Configuration Assistant (Apache Commons Compress)", "text": "35901710" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36354219" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36354228" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (Apache Commons Compress)). The supported version that is affected is 2.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Party Management executes to compromise Oracle Banking Party Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Party Management. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install (Apache Commons Compress)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Health Sciences Applications (component: Core (Apache Commons Compress)). Supported versions that are affected are 9.1.0.53 and 9.2.0.53. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Life Sciences Empirica Signal executes to compromise Oracle Life Sciences Empirica Signal. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Life Sciences Empirica Signal. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Configuration Assistant (Apache Commons Compress) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the OPatch product of Oracle Global Lifecycle Management (component: Patch Installer (Apache Commons Compress)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Install (Apache Tika)). Supported versions that are affected are 6.5.2 and 6.5.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Transportation Management executes to compromise Oracle Transportation Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Transportation Management. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Apache Commons Compress)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Apache Commons Compress)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9646V-9.1.0.53", "P-13929V-2.7.0.0.0", "P-9646V-9.2.0.53", "P-1370V-13.5.0.0", "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2", "P-1991V-6.5.3", "P-1991V-6.5.2" ], "known_not_affected": [ "P-12753V-Prior to 12.2.0.1.42", "P-383V-21.3-21.13", "P-383V-19.3-19.22" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13929V-2.7.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012768.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3000006.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9646V-9.1.0.53", "P-9646V-9.2.0.53" ], "url": "https://support.oracle.com/rs?type=doc&id=3012663.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12753V-Prior to 12.2.0.1.42", "P-383V-21.3-21.13", "P-383V-19.3-19.22" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1991V-6.5.3", "P-1991V-6.5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013496.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13929V-2.7.0.0.0", "P-1370V-13.5.0.0", "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2", "P-1991V-6.5.3", "P-1991V-6.5.2" ] }, { "cvss_v3": { "baseScore": 5.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9646V-9.1.0.53", "P-9646V-9.2.0.53" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-383V-21.3-21.13", "P-383V-19.3-19.22" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-12753V-Prior to 12.2.0.1.42" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-383V-21.3-21.13", "P-383V-19.3-19.22" ] }, { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-12753V-Prior to 12.2.0.1.42" ] } ] }, { "cve": "CVE-2023-42917", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "36198187" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] } ] }, { "cve": "CVE-2023-43494", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35863167" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014189.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] } ] }, { "cve": "CVE-2023-43495", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35863167" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014189.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] } ] }, { "cve": "CVE-2023-43496", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35863167" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014189.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] } ] }, { "cve": "CVE-2023-43497", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35863167" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014189.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] } ] }, { "cve": "CVE-2023-43498", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35863167" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014189.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14130V-23.2.0", "P-14130V-23.3.0" ] } ] }, { "cve": "CVE-2023-43622", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35965685" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35965686" }, { "system_name": "Oracle Bug ID of Oracle Communications Fraud Monitor", "text": "35965683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Fraud Monitor product of Oracle Communications (component: Mediation Engine (Apache HTTP Server)). Supported versions that are affected are 5.0, 5.1 and 5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Fraud Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Fraud Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Apache HTTP Server)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General (Apache HTTP Server)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11052V-9.0.0-9.0.2", "P-10763V-5.0", "P-10770V-9.0.0-9.0.2", "P-10763V-5.1", "P-10763V-5.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10763V-5.0", "P-10763V-5.1", "P-10763V-5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014199.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014179.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014180.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10770V-9.0.0-9.0.2", "P-11052V-9.0.0-9.0.2", "P-10763V-5.0", "P-10763V-5.1", "P-10763V-5.2" ] } ] }, { "cve": "CVE-2023-43804", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14634V-Prior to 24.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "36264750" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "36007053" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (urllib3)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: CLI AND SDK (urllib3)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0" ], "known_not_affected": [ "P-14634V-Prior to 24.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-Prior to 24.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-Prior to 24.2" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14634V-Prior to 24.2" ] } ] }, { "cve": "CVE-2023-44271", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "36114953" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "36148955" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Pillow)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Basic Config/Maintenances (Pillow)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13304V-14.5.0.0.0", "P-14325V-14.5.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-13304V-14.7.0.0.0", "P-14325V-14.6.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.5.0.0.0", "P-14325V-14.5.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-13304V-14.7.0.0.0", "P-14325V-14.6.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13304V-14.5.0.0.0", "P-14325V-14.5.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-13304V-14.7.0.0.0", "P-14325V-14.6.0.0.0" ] } ] }, { "cve": "CVE-2023-44483", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.0.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35977794" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35977793" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise CRM Client Management", "text": "35977880" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Veridata", "text": "35977851" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "35977850" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35977800" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "36149022" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35977803" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Apache Santuario XML Security For Java)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Branch accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Apache Santuario XML Security For Java)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Apache Santuario XML Security For Java)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Apache Santuario XML Security For Java)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Studio (Apache Santuario XML Security For Java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (Apache Santuario XML Security For Java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise CRM Client Management product of Oracle PeopleSoft (component: Third Party (Apache Santuario XML Security For Java)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CRM Client Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CRM Client Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Basic Config/Maintenances (Apache Santuario XML Security For Java)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Origination accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14324V-14.5.0.0.0", "P-14325V-14.5.0.0.0", "P-14195V-14.6.0.0.0", "P-14195V-14.5.0.0.0", "P-13304V-14.5.0.0.0", "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-14324V-14.7.0.0.0", "P-4860V-9.2", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14325V-14.6.0.0.0", "P-14324V-14.6.0.0.0" ], "known_not_affected": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.0.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14324V-14.5.0.0.0", "P-14325V-14.5.0.0.0", "P-14195V-14.6.0.0.0", "P-14195V-14.5.0.0.0", "P-13304V-14.5.0.0.0", "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-14324V-14.7.0.0.0", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14325V-14.6.0.0.0", "P-14324V-14.6.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.0.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4860V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14324V-14.5.0.0.0", "P-14325V-14.5.0.0.0", "P-14195V-14.6.0.0.0", "P-14195V-14.5.0.0.0", "P-13304V-14.5.0.0.0", "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-14324V-14.7.0.0.0", "P-4860V-9.2", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14325V-14.6.0.0.0", "P-14324V-14.6.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.0.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.0.4.0" ] } ] }, { "cve": "CVE-2023-44487", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14250V-23.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35969602" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35998966" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35998964" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "36345067" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35999515" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35999516" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36060105" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "36341964" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Private Banking", "text": "35999001" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "35999520" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35999501" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36060109" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35998971" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35998991" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "36400054" }, { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35998957" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "36127614" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "36060097" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35998975" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36096929" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36127611" }, { "system_name": "Oracle Bug ID of Oracle Banking Party Management", "text": "35999502" }, { "system_name": "Oracle Bug ID of Oracle Banking Platform", "text": "35999505" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "36127616" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35999508" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "36060112" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35999530" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "36060117" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "35999532" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "35999556" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36099672" }, { "system_name": "Oracle Bug ID of Oracle Hospitality Cruise Shipboard Property Management System", "text": "36106520" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "36149031" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "36149011" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35999491" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35999492" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Eclipse Jetty)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Data Integrator. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Eclipse Jetty)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Miscellaneous (Eclipse Jetty)). The supported version that is affected is 12.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Netty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Netty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Netty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (Netty)). The supported version that is affected is 2.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Party Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (Netty)). The supported version that is affected is 2.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Netty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Netty)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Netty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Installation (Nghttp2)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Cloud Native Deployment (Netty)). Supported versions that are affected are 12.0.0.4-12.0.0.8 and 15.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System (Netty)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: Monitoring: High Availability (Netty)). Supported versions that are affected are 2.5.0.1, 2.5.0.2, 2.6.0.0 and 2.6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Utilities Network Management System. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (Nghttp2)). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Nghttp2)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Nghttp2)). The supported version that is affected is 23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Nghttp2)). The supported version that is affected is 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Patches (Nghttp2)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Netty)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Nghttp2)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: APIs (Helidon)). Supported versions that are affected are 20.3.3, 20.3.4, 23.1.0 and 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). The supported version that is affected is 23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Jenkins)). The supported version that is affected is 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (Jenkins)). The supported version that is affected is 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Basic Config/Maintenances (Netty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Basic Config/Maintenances (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure (gRPC)). The supported version that is affected is 14.7.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Apache Solr)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.12 and 23.12.0-23.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Observability Services Overlay (Golang Go)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13304(Common)V-14.6.0.0.0", "P-14324(Reports)V-14.7.0.0.0", "P-10354V-19.12.0-19.12.16", "P-13487(Common Core)V-14.7.0.0.0", "P-14121(Install/Upgrade)V-23.4.0-23.4.1", "P-11607V-23.1.0", "P-11607V-23.1.1", "P-14123(Automated Test Suite)V-23.3.0", "P-14277(Install/Upgrade)V-23.4.0-23.4.2", "P-14125(Observability Services Overlay)V-23.4.0", "P-9742V-15.0.0.0", "P-10899(Patches)V-9.0.0.0", "P-8479V-8.0.35 and prior", "P-14117V-23.3.0", "P-14195(Accessibility)V-14.7.0.0.0", "P-9742V-12.0.0.4-12.0.0.8", "P-13304(Infrastructure)V-14.7.0.3.0", "P-8479V-8.2.0 and prior", "P-9110V-12.1.0.0.0", "P-5242V-14.1.1.0.0", "P-10354V-21.12.0-21.12.17", "P-1370V-13.5.0.0", "P-14325(Basic Config/Maintenances)V-14.7.0.0.0", "P-13304(Common)V-14.5.0.0.0", "P-11607V-20.3.3", "P-13487(Common Core)V-14.5.0.0.0", "P-11607V-20.3.4", "P-14324(Reports)V-14.5.0.0.0", "P-14195(Accessibility)V-14.6.0.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-14325(Basic Config/Maintenances)V-14.6.0.0.0", "P-13929V-2.7.0.0.0", "P-14118(Install/Upgrade)V-23.4.1", "P-10354V-23.12.0-23.12.3", "P-14125(Installation)V-23.4.0", "P-2241V-2.6.0.0", "P-5(GraalVM Multilingual Engine)V-21.3-21.13", "P-2241V-2.6.0.1", "P-13304(Common)V-14.7.0.0.0", "P-13487(Common Core)V-14.6.0.0.0", "P-14324(Reports)V-14.6.0.0.0", "P-14195(Accessibility)V-14.5.0.0.0", "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.12", "P-2196V-12.2.1.4.0", "P-14325(Basic Config/Maintenances)V-14.5.0.0.0", "P-10899(Platform)V-9.0.0.0", "P-9178V-2.7.0.0.0" ], "known_not_affected": [ "P-14250V-23.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-2196V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304(Common)V-14.7.0.0.0", "P-14195(Accessibility)V-14.7.0.0.0", "P-13487(Common Core)V-14.5.0.0.0", "P-14324(Reports)V-14.5.0.0.0", "P-13304(Common)V-14.6.0.0.0", "P-13304(Infrastructure)V-14.7.0.3.0", "P-14324(Reports)V-14.7.0.0.0", "P-14195(Accessibility)V-14.6.0.0.0", "P-13487(Common Core)V-14.6.0.0.0", "P-9110V-12.1.0.0.0", "P-14324(Reports)V-14.6.0.0.0", "P-14195(Accessibility)V-14.5.0.0.0", "P-13487(Common Core)V-14.7.0.0.0", "P-14325(Basic Config/Maintenances)V-14.6.0.0.0", "P-14325(Basic Config/Maintenances)V-14.5.0.0.0", "P-14325(Basic Config/Maintenances)V-14.7.0.0.0", "P-13304(Common)V-14.5.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899(Platform)V-9.0.0.0", "P-10899(Patches)V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014176.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13929V-2.7.0.0.0", "P-9178V-2.7.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012768.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121(Install/Upgrade)V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125(Observability Services Overlay)V-23.4.0", "P-14125(Installation)V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4-12.0.0.8", "P-9742V-15.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012531.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3000006.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3013490.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.2.0 and prior", "P-8479V-8.0.35 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Install/Upgrade)V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123(Automated Test Suite)V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014191.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277(Install/Upgrade)V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11607V-23.1.0", "P-11607V-20.3.4", "P-11607V-23.1.1", "P-11607V-20.3.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3011327.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014192.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16", "P-10354V-23.12.0-23.12.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3010844.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13487(Common Core)V-14.5.0.0.0", "P-11607V-20.3.4", "P-14324(Reports)V-14.5.0.0.0", "P-13304(Common)V-14.6.0.0.0", "P-14324(Reports)V-14.7.0.0.0", "P-14195(Accessibility)V-14.6.0.0.0", "P-13487(Common Core)V-14.7.0.0.0", "P-14121(Install/Upgrade)V-23.4.0-23.4.1", "P-11607V-23.1.0", "P-14325(Basic Config/Maintenances)V-14.6.0.0.0", "P-13929V-2.7.0.0.0", "P-14118(Install/Upgrade)V-23.4.1", "P-11607V-23.1.1", "P-14123(Automated Test Suite)V-23.3.0", "P-14277(Install/Upgrade)V-23.4.0-23.4.2", "P-14125(Observability Services Overlay)V-23.4.0", "P-9742V-15.0.0.0", "P-10899(Patches)V-9.0.0.0", "P-14125(Installation)V-23.4.0", "P-8479V-8.0.35 and prior", "P-13304(Common)V-14.7.0.0.0", "P-14117V-23.3.0", "P-14195(Accessibility)V-14.7.0.0.0", "P-9742V-12.0.0.4-12.0.0.8", "P-13304(Infrastructure)V-14.7.0.3.0", "P-13487(Common Core)V-14.6.0.0.0", "P-8479V-8.2.0 and prior", "P-9110V-12.1.0.0.0", "P-14324(Reports)V-14.6.0.0.0", "P-14195(Accessibility)V-14.5.0.0.0", "P-5242V-14.1.1.0.0", "P-2196V-12.2.1.4.0", "P-14325(Basic Config/Maintenances)V-14.5.0.0.0", "P-1370V-13.5.0.0", "P-14325(Basic Config/Maintenances)V-14.7.0.0.0", "P-10899(Platform)V-9.0.0.0", "P-13304(Common)V-14.5.0.0.0", "P-11607V-20.3.3", "P-9178V-2.7.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14250V-23.4.0" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.1" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] }, { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16", "P-10354V-23.12.0-23.12.3" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14250V-23.4.0" ] } ] }, { "cve": "CVE-2023-44981", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "35966047" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "36149048" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "35966049" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35966001" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35966012" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35966034" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35966002" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35966007" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Apache ZooKeeper)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Branch accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Branch accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Apache ZooKeeper)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Cash Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Apache ZooKeeper)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Liquidity Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Apache ZooKeeper)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache ZooKeeper)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: TimesTen Grid (Apache ZooKeeper)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: Monitoring: High Availability (Apache ZooKeeper)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Basic Config/Maintenances (Apache ZooKeeper)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Origination accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Origination accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14324V-14.5.0.0.0", "P-14325V-14.5.0.0.0", "P-14195V-14.6.0.0.0", "P-14195V-14.5.0.0.0", "P-13304V-14.5.0.0.0", "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-14324V-14.7.0.0.0", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14325V-14.6.0.0.0", "P-14324V-14.6.0.0.0" ], "known_not_affected": [ "P-1870V-Prior to 22.1.1.19.0", "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14324V-14.5.0.0.0", "P-14325V-14.5.0.0.0", "P-14195V-14.6.0.0.0", "P-14195V-14.5.0.0.0", "P-13304V-14.5.0.0.0", "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-14324V-14.7.0.0.0", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14325V-14.6.0.0.0", "P-14324V-14.6.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-14015V-19.1.0.0.0-19.1.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3013490.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14324V-14.5.0.0.0", "P-14325V-14.5.0.0.0", "P-14195V-14.6.0.0.0", "P-14195V-14.5.0.0.0", "P-13304V-14.5.0.0.0", "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-14324V-14.7.0.0.0", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14325V-14.6.0.0.0", "P-14324V-14.6.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 22.1.1.19.0", "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.1" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.1" ] } ] }, { "cve": "CVE-2023-45142", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "36400085" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Observability Services Overlay (Prometheus)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014188.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14125V-23.4.0" ] } ] }, { "cve": "CVE-2023-4527", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "36258057" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (glibc)). The supported version that is affected is 11.2.16.0.000. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.16.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.16.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.16.0.000" ] } ] }, { "cve": "CVE-2023-45802", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35965685" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35965686" }, { "system_name": "Oracle Bug ID of Oracle Communications Fraud Monitor", "text": "35965683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Fraud Monitor product of Oracle Communications (component: Mediation Engine (Apache HTTP Server)). Supported versions that are affected are 5.0, 5.1 and 5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Fraud Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Fraud Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Apache HTTP Server)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General (Apache HTTP Server)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11052V-9.0.0-9.0.2", "P-10763V-5.0", "P-10770V-9.0.0-9.0.2", "P-10763V-5.1", "P-10763V-5.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10763V-5.0", "P-10763V-5.1", "P-10763V-5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014199.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014179.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014180.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10770V-9.0.0-9.0.2", "P-11052V-9.0.0-9.0.2", "P-10763V-5.0", "P-10763V-5.1", "P-10763V-5.2" ] } ] }, { "cve": "CVE-2023-45803", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14634V-Prior to 24.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "36264750" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: CLI AND SDK (urllib3)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14634V-Prior to 24.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-Prior to 24.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-Prior to 24.2" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14634V-Prior to 24.2" ] } ] }, { "cve": "CVE-2023-46218", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "36127659" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (curl)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-46219", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "36127659" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "36253652" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (curl)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (curl)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0", "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-46308", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14634V-Prior to 24.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "36174925" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Various Common Features (Plotly.js)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14634V-Prior to 24.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-Prior to 24.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-Prior to 24.1" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14634V-Prior to 24.1" ] } ] }, { "cve": "CVE-2023-4641", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36100161" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36095667" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (shadow-utils)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (shadow-utils)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-23.4.0-23.4.2", "P-14121V-23.4.0-23.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2" ] } ] }, { "cve": "CVE-2023-46589", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36082579" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "36110077" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36099729" }, { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "36110052" }, { "system_name": "Oracle Bug ID of Oracle Big Data Spatial and Graph", "text": "36110063" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "36110053" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "36110069" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "36110078" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "36110057" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "36110105" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "36148980" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Apache Tomcat)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Apache Tomcat)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Tomcat)). The supported version that is affected is 24.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Management Cloud Engine accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). The supported version that is affected is 3.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Big Data Spatial and Graph. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Big Data Spatial and Graph accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Third Party (Apache Tomcat)). The supported version that is affected is 24.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Data Analytics Function accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Apache Tomcat)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General (Apache Tomcat)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: User Interface (Apache Tomcat)). The supported version that is affected is 9.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SD-WAN Edge accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Basic Config/Maintenances (Apache Tomcat)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Origination accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14325V-14.5.0.0.0", "P-14489V-24.1.0", "P-14121V-23.4.0-23.4.1", "P-11052V-9.0.0-9.0.2", "P-14325V-14.7.0.0.0", "P-14252V-24.1.0.0.0", "P-10770V-9.0.0-9.0.2", "P-10198V-12.2.1.4.0", "P-13940V-9.1.1.7.0", "P-4461V-9.3.6", "P-14325V-14.6.0.0.0", "P-14277V-23.4.0-23.4.2", "P-11528V-3.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-24.1.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014201.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3013496.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11528V-3.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014203.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014179.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014180.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014178.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14325V-14.5.0.0.0", "P-14325V-14.7.0.0.0", "P-14325V-14.6.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-14325V-14.5.0.0.0", "P-14325V-14.7.0.0.0", "P-14252V-24.1.0.0.0", "P-10770V-9.0.0-9.0.2", "P-10198V-12.2.1.4.0", "P-13940V-9.1.1.7.0", "P-4461V-9.3.6", "P-14489V-24.1.0", "P-11052V-9.0.0-9.0.2", "P-14325V-14.6.0.0.0", "P-11528V-3.0.5" ] } ] }, { "cve": "CVE-2023-46604", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Private Banking", "text": "36023150" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "36023158" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Miscellaneous (Apache ActiveMQ)). The supported version that is affected is 12.1.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache ActiveMQ)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9110V-12.1.0.0.0" ], "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9110V-12.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9110V-12.1.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8" ] } ] }, { "cve": "CVE-2023-46809", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "36317499" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GraalVM for JDK executes to compromise Oracle GraalVM for JDK. While the vulnerability is in Oracle GraalVM for JDK, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM for JDK:21.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM for JDK:21.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM for JDK:21.0.2" ] } ] }, { "cve": "CVE-2023-47038", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-5(SQLcl)V-21.3-21.13", "P-5(SQLcl)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-662V-21.3-21.13", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "36178922" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36178988" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36264917" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36166843" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36178925" }, { "system_name": "Oracle Bug ID of Oracle Database Gateway for APPC (Perl)", "text": "36178909" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "36178981" }, { "system_name": "Oracle Bug ID of Universal Installer (Perl)", "text": "36178982" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the SQLcl (Eclipse parsson) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Gateway for APPC (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Platform (Perl)). Supported versions that are affected are 12.0.0.4-12.0.0.8 and 15.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Perl)). The supported version that is affected is 23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: Cache (Perl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Universal Installer (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Global Service Manager (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the RDBMS (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.4.1", "P-2136V-12.0.0.4-12.0.0.8", "P-2136V-15.0.0.0" ], "known_not_affected": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-5(SQLcl)V-21.3-21.13", "P-5(SQLcl)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-5(RDBMS)V-19.3-19.22", "P-662V-21.3-21.13", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-5(SQLcl)V-21.3-21.13", "P-5(SQLcl)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-662V-21.3-21.13", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136V-12.0.0.4-12.0.0.8", "P-2136V-15.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012555.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-5(SQLcl)V-21.3-21.13", "P-5(SQLcl)V-19.3-19.22", "P-774V-19.3-19.22", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.4.1", "P-2136V-12.0.0.4-12.0.0.8", "P-2136V-15.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 22.1.1.19.0", "P-662V-19.3-19.22", "P-662V-21.3-21.13" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-5(SQLcl)V-21.3-21.13", "P-5(SQLcl)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-662V-21.3-21.13", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] } ] }, { "cve": "CVE-2023-47039", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-662V-21.3-21.13", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36178988" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36264917" }, { "system_name": "Oracle Bug ID of Oracle Database Gateway for APPC (Perl)", "text": "36178909" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "36178981" }, { "system_name": "Oracle Bug ID of Universal Installer (Perl)", "text": "36178982" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Gateway for APPC (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: Cache (Perl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Universal Installer (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Global Service Manager (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the RDBMS (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-5(RDBMS)V-19.3-19.22", "P-662V-21.3-21.13", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-662V-21.3-21.13", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-774V-19.3-19.22", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 22.1.1.19.0", "P-662V-19.3-19.22", "P-662V-21.3-21.13" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-662V-21.3-21.13", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] } ] }, { "cve": "CVE-2023-47100", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-5(SQLcl)V-21.3-21.13", "P-5(SQLcl)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-662V-21.3-21.13", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "36178922" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36178988" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36264917" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36166843" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36178925" }, { "system_name": "Oracle Bug ID of Oracle Database Gateway for APPC (Perl)", "text": "36178909" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "36178981" }, { "system_name": "Oracle Bug ID of Universal Installer (Perl)", "text": "36178982" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the SQLcl (Eclipse parsson) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Gateway for APPC (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Platform (Perl)). Supported versions that are affected are 12.0.0.4-12.0.0.8 and 15.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Perl)). The supported version that is affected is 23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: Cache (Perl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Universal Installer (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Global Service Manager (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the RDBMS (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.4.1", "P-2136V-12.0.0.4-12.0.0.8", "P-2136V-15.0.0.0" ], "known_not_affected": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-5(SQLcl)V-21.3-21.13", "P-5(SQLcl)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-5(RDBMS)V-19.3-19.22", "P-662V-21.3-21.13", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-5(SQLcl)V-21.3-21.13", "P-5(SQLcl)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-662V-21.3-21.13", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136V-12.0.0.4-12.0.0.8", "P-2136V-15.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012555.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-5(SQLcl)V-21.3-21.13", "P-5(SQLcl)V-19.3-19.22", "P-774V-19.3-19.22", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.4.1", "P-2136V-12.0.0.4-12.0.0.8", "P-2136V-15.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 22.1.1.19.0", "P-662V-19.3-19.22", "P-662V-21.3-21.13" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Global Service Manager)V-21.3-21.13", "P-5(Global Service Manager)V-19.3-19.22", "P-5(SQLcl)V-21.3-21.13", "P-5(SQLcl)V-19.3-19.22", "P-662V-19.3-19.22", "P-774V-19.3-19.22", "P-662V-21.3-21.13", "P-5(RDBMS)V-19.3-19.22", "P-774V-21.3-21.13", "P-5(RDBMS)V-21.3-21.13" ] } ] }, { "cve": "CVE-2023-4806", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "36258057" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (glibc)). The supported version that is affected is 11.2.16.0.000. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.16.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.16.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.16.0.000" ] } ] }, { "cve": "CVE-2023-4807", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35862243" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-4863", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35880281" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (libwebp)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014176.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0" ] } ] }, { "cve": "CVE-2023-48795", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications User Data Repository", "text": "36148941" }, { "system_name": "Oracle Bug ID of OPatchAuto", "text": "36209540" }, { "system_name": "Oracle Bug ID of OSS Support Tools", "text": "36229049" }, { "system_name": "Oracle Bug ID of OSS Support Tools", "text": "36223791" }, { "system_name": "Oracle Bug ID of Oracle Retail Customer Management and Segmentation Foundation", "text": "36344167" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36143508" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "36135643" }, { "system_name": "Oracle Bug ID of Oracle SQLcl (Apache Mina SSHD)", "text": "36223861" }, { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "36111267" }, { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "36169418" }, { "system_name": "Oracle Bug ID of OSS Support Tools", "text": "36223781" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36135636" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "36223818" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "36374767" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "36223806" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "36223817" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "36267866" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "36223825" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36223813" }, { "system_name": "Oracle Bug ID of Oracle Coherence", "text": "36223801" }, { "system_name": "Oracle Bug ID of Oracle Global Lifecycle Management NextGen OUI Framework", "text": "36223867" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters (Apache Mina SSHD)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (libssh)). The supported version that is affected is 23.4.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Patches (Apache Mina SSHD)). The supported version that is affected is 9.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Grid Infrastructure (Apache Mina SSHD) component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Grid Infrastructure (Apache Mina SSHD). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Grid Infrastructure (Apache Mina SSHD) accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Patches (Apache Mina SSHD)). The supported version that is affected is 14.0.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications User Data Repository accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: CLI AND SDK (Paramiko)). Supported versions that are affected are Prior to 24.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Autonomous Health Framework accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the OPatchAuto product of Oracle Global Lifecycle Management (component: Database extensions (Apache Mina SSHD)). Supported versions that are affected are Prior to 12.2.0.1.42. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise OPatchAuto. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all OPatchAuto accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: DA - Diagnostic Assistant (Apache Mina SSHD)). The supported version that is affected is 2.12.45. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all OSS Support Tools accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: STB - Services Tools Bundle (Apache Mina SSHD)). The supported version that is affected is 24.1.24.1.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all OSS Support Tools accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party (Apache Mina SSHD)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Coherence accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Install/Upgrade (Apache Mina SSHD)). The supported version that is affected is 23.4.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Exposure Function accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install/Upgrade (Apache Mina SSHD)). Supported versions that are affected are 22.4.0, 23.1.0 and 23.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Apache Mina SSHD)). Supported versions that are affected are 9.0.0-9.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General or Others (Apache Mina SSHD)). Supported versions that are affected are 9.0.0-9.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install (Apache Mina SSHD)). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SQLcl (Apache Mina SSHD) component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle SQLcl (Apache Mina SSHD). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SQLcl (Apache Mina SSHD) accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer (Apache Mina SSHD)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management NextGen OUI Framework accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: RDA - Remote Diagnostic Agent (Apache Mina SSHD)). The supported version that is affected is 24.1.24.1.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all OSS Support Tools accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Remote Diagnostic Agent (Apache Mina SSHD)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Apache Mina SSHD)). The supported version that is affected is 19.0.0.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (Apache Mina SSHD)). Supported versions that are affected are 5.0, 5.1 and 5.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Operations Monitor accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1330(RDA - Remote Diagnostic Agent)V-24.1.24.1.16", "P-12738V-12.2.1.4.0", "P-2545V-14.1.1.0.0", "P-13388V-19.0.0.9", "P-4647V-14.1.1.0.0", "P-14122V-23.4.1", "P-10770V-9.0.0-9.0.2", "P-5(Grid Infrastructure)V-21.3-21.13", "P-11108V-14.0.0.0.0", "P-14118V-23.4.1", "P-13824V-19.3-19.22", "P-2545V-12.2.1.4.0", "P-14119V-23.2.0", "P-14119V-23.1.0", "P-11052V-9.0.0-9.0.2", "P-1330(DA - Diagnostic Assistant)V-2.12.45", "P-10899V-9.0.0.0", "P-10761V-5.0", "P-13824V-21.3-21.13", "P-10761V-5.1", "P-1330(STB - Services Tools Bundle)V-24.1.24.1.16", "P-10761V-5.2", "P-14119V-22.4.0", "P-1370V-13.5.0.0", "P-4647V-12.2.1.4.0", "P-14634V-Prior to 24.2", "P-1162V-12.2.1.4.0", "P-12752V-Prior to 12.2.0.1.42" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-14.1.1.0.0", "P-2545V-12.2.1.4.0", "P-12738V-12.2.1.4.0", "P-4647V-12.2.1.4.0", "P-2545V-14.1.1.0.0", "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014176.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13824V-21.3-21.13", "P-13824V-19.3-19.22", "P-5(Grid Infrastructure)V-21.3-21.13", "P-14634V-Prior to 24.2", "P-12752V-Prior to 12.2.0.1.42" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11108V-14.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3015461.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1330(RDA - Remote Diagnostic Agent)V-24.1.24.1.16", "P-1330(STB - Services Tools Bundle)V-24.1.24.1.16", "P-1330(DA - Diagnostic Assistant)V-2.12.45" ], "url": "https://support.oracle.com/rs?type=doc&id=3014515.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014197.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-22.4.0", "P-14119V-23.2.0", "P-14119V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014196.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014179.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014180.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3000006.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13388V-19.0.0.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3009818.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-5.0", "P-10761V-5.1", "P-10761V-5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014202.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-1330(RDA - Remote Diagnostic Agent)V-24.1.24.1.16", "P-12738V-12.2.1.4.0", "P-2545V-14.1.1.0.0", "P-13388V-19.0.0.9", "P-4647V-14.1.1.0.0", "P-14122V-23.4.1", "P-10770V-9.0.0-9.0.2", "P-5(Grid Infrastructure)V-21.3-21.13", "P-11108V-14.0.0.0.0", "P-14118V-23.4.1", "P-13824V-19.3-19.22", "P-2545V-12.2.1.4.0", "P-14119V-23.2.0", "P-14119V-23.1.0", "P-11052V-9.0.0-9.0.2", "P-1330(DA - Diagnostic Assistant)V-2.12.45", "P-10899V-9.0.0.0", "P-10761V-5.0", "P-13824V-21.3-21.13", "P-10761V-5.1", "P-1330(STB - Services Tools Bundle)V-24.1.24.1.16", "P-10761V-5.2", "P-14119V-22.4.0", "P-1370V-13.5.0.0", "P-4647V-12.2.1.4.0", "P-14634V-Prior to 24.2", "P-1162V-12.2.1.4.0", "P-12752V-Prior to 12.2.0.1.42" ] } ] }, { "cve": "CVE-2023-49083", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14634V-Prior to 23.11.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "36114962" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "36114952" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36358826" }, { "system_name": "Oracle Bug ID of Oracle Communications User Data Repository", "text": "36148961" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "36114970" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36097286" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36148958" }, { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "36174592" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "36114979" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36114958" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36358835" } ], "notes": [ { "category": "description", "text": "Vulnerability in the RDBMS (Python) component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise RDBMS (Python). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of RDBMS (Python). CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Third Party (Cryptography)). The supported version that is affected is 24.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Data Analytics Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Cryptography)). The supported version that is affected is 23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Cryptography)). The supported version that is affected is 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Automated Test Suite (Cryptography)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (Cryptography)). Supported versions that are affected are 5.1 and 5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 22.4.0, 23.1.0 and 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Security (Cryptography)). The supported version that is affected is 14.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications User Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: CLI AND SDK (Cryptography)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.4.1", "P-14489V-24.1.0", "P-14119V-23.2.0", "P-14119V-23.1.0", "P-14121V-23.4.0-23.4.1", "P-5(RDBMS)V-21.3-21.13", "P-10899V-9.0.0.0", "P-10761V-5.1", "P-10761V-5.2", "P-14119V-22.4.0", "P-14277V-23.4.0-23.4.2", "P-14123V-23.3.0", "P-11108V-14.0.0.0.0" ], "known_not_affected": [ "P-14634V-Prior to 23.11.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-Prior to 23.11.1", "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014203.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014191.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014176.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-5.1", "P-10761V-5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014202.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-22.4.0", "P-14119V-23.2.0", "P-14119V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014196.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11108V-14.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3015461.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(RDBMS)V-21.3-21.13" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0", "P-14118V-23.4.1", "P-10761V-5.1", "P-10761V-5.2", "P-14119V-22.4.0", "P-14489V-24.1.0", "P-14119V-23.2.0", "P-14119V-23.1.0", "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2", "P-14123V-23.3.0", "P-11108V-14.0.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-Prior to 23.11.1" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14634V-Prior to 23.11.1" ] } ] }, { "cve": "CVE-2023-4911", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "36258057" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (glibc)). The supported version that is affected is 11.2.16.0.000. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.16.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.16.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.16.0.000" ] } ] }, { "cve": "CVE-2023-50298", "ids": [ { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "36345067" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Apache Solr)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.12 and 23.12.0-23.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10354V-20.12.0-20.12.16", "P-10354V-19.12.0-19.12.16", "P-10354V-23.12.0-23.12.3", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16", "P-10354V-23.12.0-23.12.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3010844.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16", "P-10354V-23.12.0-23.12.3" ] } ] }, { "cve": "CVE-2023-50386", "ids": [ { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "36345067" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Apache Solr)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.12 and 23.12.0-23.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10354V-20.12.0-20.12.16", "P-10354V-19.12.0-19.12.16", "P-10354V-23.12.0-23.12.3", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16", "P-10354V-23.12.0-23.12.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3010844.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16", "P-10354V-23.12.0-23.12.3" ] } ] }, { "cve": "CVE-2023-5072", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" }, { "system_name": "Oracle Bug ID of Oracle Communications WebRTC Session Controller", "text": "35954715" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "36123778" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35954678" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35954689" }, { "system_name": "Oracle Bug ID of Oracle Banking Enterprise Default Management", "text": "35954688" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "35954669" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "35954746" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35954745" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35908634" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35954695" }, { "system_name": "Oracle Bug ID of Oracle Life Sciences Empirica Signal", "text": "35954750" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "35954786" }, { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "36379993" }, { "system_name": "Oracle Bug ID of Oracle Banking Deposits and Lines of Credit Servicing", "text": "35954682" }, { "system_name": "Oracle Bug ID of Oracle Banking Loans Servicing", "text": "35954690" }, { "system_name": "Oracle Bug ID of Oracle Banking Platform", "text": "36010660" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "36149035" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (JSON-java)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Third Party (JSON-java)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (JSON-java)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Deposits and Lines of Credit Servicing product of Oracle Financial Services Applications (component: Web UI (JSON-java)). The supported version that is affected is 2.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Deposits and Lines of Credit Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Deposits and Lines of Credit Servicing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (JSON-java)). Supported versions that are affected are 2.7.0.0.0 and 2.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Enterprise Default Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Enterprise Default Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (JSON-java)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Loans Servicing product of Oracle Financial Services Applications (component: Web UI (JSON-java)). The supported version that is affected is 2.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Loans Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Loans Servicing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (JSON-java)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications WebRTC Session Controller product of Oracle Communications (component: Security (JSON-java)). Supported versions that are affected are 7.2.0.0.0-7.2.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications WebRTC Session Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications WebRTC Session Controller. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (JSON-java)). Supported versions that are affected are 19.1.0.0.0-19.1.0.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Stream Analytics. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Stream Analytics. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Studio (JSON-java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Health Sciences Applications (component: Core (JSON-java)). Supported versions that are affected are 9.1.0.53 and 9.2.0.53. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life Sciences Empirica Signal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Life Sciences Empirica Signal. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (JSON-java)). Supported versions that are affected are 19.12.0-19.12.18, 20.12.0-20.12.13 and 21.12.0-21.12.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (JSON-java)). The supported version that is affected is 2.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: User Interface (JSON-java)). The supported version that is affected is 9.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Basic Config/Maintenances (JSON-java)). Supported versions that are affected are 14.5.0.0.0, 14.6.0.0.0 and 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform (JSON-java)). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13928V-2.12.0.0.0", "P-13390V-2.7.0.0.0", "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-14195V-14.6.0.0.0", "P-13390V-2.12.0.0.0", "P-13927V-2.12.0.0.0", "P-13304V-14.5.0.0.0", "P-9646V-9.1.0.53", "P-14195V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-13940V-9.1.1.7.0", "P-13487V-14.6.0.0.0", "P-9178V-2.12.0.0.0", "P-5(GraalVM Multilingual Engine)V-21.3-21.13", "P-9348V-11.3.1", "P-9348V-11.3.2", "P-1999V-12.2.1.3.0", "P-14325V-14.5.0.0.0", "P-9348V-11.3.0", "P-9646V-9.2.0.53", "P-10605V-19.12.0-19.12.18", "P-10605V-21.12.0-21.12.11", "P-10605V-20.12.0-20.12.13", "P-14195V-14.5.0.0.0", "P-13487V-14.7.0.0.0", "P-5242V-14.1.1.0.0", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-14325V-14.6.0.0.0", "P-10811V-7.2.0.0.0-7.2.1.0.0" ], "known_not_affected": [ "P-10945V-12.2.0.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.3.0", "P-5242V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.5.0.0.0", "P-14325V-14.5.0.0.0", "P-14195V-14.7.0.0.0", "P-13487V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-14195V-14.6.0.0.0", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-13487V-14.6.0.0.0", "P-14325V-14.6.0.0.0", "P-14195V-14.5.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13928V-2.12.0.0.0", "P-13390V-2.7.0.0.0", "P-13390V-2.12.0.0.0", "P-9178V-2.12.0.0.0", "P-13927V-2.12.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012768.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10811V-7.2.0.0.0-7.2.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014177.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-10945V-12.2.0.4.0", "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9646V-9.1.0.53", "P-9646V-9.2.0.53" ], "url": "https://support.oracle.com/rs?type=doc&id=3012663.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10605V-19.12.0-19.12.18", "P-10605V-21.12.0-21.12.11", "P-10605V-20.12.0-20.12.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3010844.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014178.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3013472.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13928V-2.12.0.0.0", "P-13390V-2.7.0.0.0", "P-14015V-19.1.0.0.0-19.1.0.0.8", "P-14195V-14.6.0.0.0", "P-13390V-2.12.0.0.0", "P-13927V-2.12.0.0.0", "P-13304V-14.5.0.0.0", "P-14195V-14.7.0.0.0", "P-13304V-14.6.0.0.0", "P-14325V-14.7.0.0.0", "P-13940V-9.1.1.7.0", "P-13487V-14.6.0.0.0", "P-9178V-2.12.0.0.0", "P-9348V-11.3.1", "P-9348V-11.3.2", "P-1999V-12.2.1.3.0", "P-14325V-14.5.0.0.0", "P-9348V-11.3.0", "P-10605V-19.12.0-19.12.18", "P-10605V-21.12.0-21.12.11", "P-10605V-20.12.0-20.12.13", "P-14195V-14.5.0.0.0", "P-13487V-14.7.0.0.0", "P-5242V-14.1.1.0.0", "P-13304V-14.7.0.0.0", "P-13487V-14.5.0.0.0", "P-14325V-14.6.0.0.0", "P-10811V-7.2.0.0.0-7.2.1.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.0.4.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9646V-9.1.0.53", "P-9646V-9.2.0.53" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ] }, { "cve": "CVE-2023-50782", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36358826" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36358835" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-23.4.0-23.4.2", "P-14121V-23.4.0-23.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2" ] } ] }, { "cve": "CVE-2023-51074", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.5.4.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36344855" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36344824" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "36163181" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Infrastructure (JsonPath)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (JsonPath)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (JsonPath)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-23.4.0-23.4.2", "P-14121V-23.4.0-23.4.1" ], "known_not_affected": [ "P-4379V-21.5.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.5.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.5.4.0.0" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.5.4.0.0" ] } ] }, { "cve": "CVE-2023-51257", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36230560" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install/Upgrade (JasPer)). Supported versions that are affected are 22.4.0, 23.1.0 and 23.2.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Unified Data Repository executes to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14119V-23.2.0", "P-14119V-23.1.0", "P-14119V-22.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-22.4.0", "P-14119V-23.2.0", "P-14119V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014196.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14119V-22.4.0", "P-14119V-23.2.0", "P-14119V-23.1.0" ] } ] }, { "cve": "CVE-2023-5156", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "36258057" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (glibc)). The supported version that is affected is 11.2.16.0.000. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.16.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.16.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.16.0.000" ] } ] }, { "cve": "CVE-2023-51775", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36427113" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (jose4j)). The supported version that is affected is 23.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14119V-23.3.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014196.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14119V-23.3.2" ] } ] }, { "cve": "CVE-2023-52428", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "36301017" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "36341547" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core (Nimbus JOSE+JWT)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Integration (Nimbus JOSE+JWT)). Supported versions that are affected are 21.12.0-21.12.17, 22.12.0-22.12.12 and 23.12.0-23.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-12.2.1.4.0", "P-10354V-23.12.0-23.12.3", "P-5242V-14.1.1.0.0", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-10354V-23.12.0-23.12.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3010844.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-5242V-12.2.1.4.0", "P-10354V-23.12.0-23.12.3" ] } ] }, { "cve": "CVE-2023-5341", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "36156596" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Infrastructure (ImageMagick)). Supported versions that are affected are 5.0, 5.1 and 5.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Operations Monitor executes to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-5.0", "P-10761V-5.1", "P-10761V-5.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-5.0", "P-10761V-5.1", "P-10761V-5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014202.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10761V-5.0", "P-10761V-5.1", "P-10761V-5.2" ] } ] }, { "cve": "CVE-2023-5363", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "36400103" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36299619" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the RDBMS (Dell BSAFE Crypto-J) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Observability Services Overlay (nginx)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Function Cloud Native Environment accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.4.0" ], "known_not_affected": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014188.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-23.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] } ] }, { "cve": "CVE-2023-5379", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36456488" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Undertow)). The supported version that is affected is 23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-23.4.1" ] } ] }, { "cve": "CVE-2023-5678", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14634V-Prior to 24.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "36278301" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "36278302" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "36278303" }, { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "36283986" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "36278304" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "36278305" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Backup as well as unauthorized update, insert or delete access to some of MySQL Enterprise Backup accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.37 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor as well as unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8480V-8.0.37 and prior", "P-4629V-8.3.0 and prior", "P-8576V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-4629V-8.0.36 and prior" ], "known_not_affected": [ "P-14634V-Prior to 24.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.37 and prior", "P-4629V-8.3.0 and prior", "P-8576V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-4629V-8.0.36 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-Prior to 24.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "P-8480V-8.0.37 and prior", "P-4629V-8.3.0 and prior", "P-8576V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-4629V-8.0.36 and prior" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-Prior to 24.2" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14634V-Prior to 24.2" ] } ] }, { "cve": "CVE-2023-5752", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14634V-Prior to 24.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "36253754" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: CLI AND SDK (pip)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14634V-Prior to 24.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-Prior to 24.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-Prior to 24.2" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14634V-Prior to 24.2" ] } ] }, { "cve": "CVE-2023-6004", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "36135643" }, { "system_name": "Oracle Bug ID of Oracle Communications User Data Repository", "text": "36148941" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36135636" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (libssh)). The supported version that is affected is 23.4.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Patches (Apache Mina SSHD)). The supported version that is affected is 9.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Patches (Apache Mina SSHD)). The supported version that is affected is 14.0.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications User Data Repository accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0", "P-14118V-23.4.1", "P-11108V-14.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014176.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11108V-14.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3015461.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0", "P-14118V-23.4.1", "P-11108V-14.0.0.0.0" ] } ] }, { "cve": "CVE-2023-6129", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14634V-Prior to 24.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "36278301" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "36278302" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "36278303" }, { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "36283986" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "36278304" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "36278305" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Backup as well as unauthorized update, insert or delete access to some of MySQL Enterprise Backup accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.37 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor as well as unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8480V-8.0.37 and prior", "P-4629V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-8576(Connector/C++)V-8.3.0 and prior", "P-8576(Connector/ODBC)V-8.3.0 and prior", "P-4629V-8.0.36 and prior" ], "known_not_affected": [ "P-14634V-Prior to 24.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.37 and prior", "P-4629V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-8576(Connector/C++)V-8.3.0 and prior", "P-8576(Connector/ODBC)V-8.3.0 and prior", "P-4629V-8.0.36 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-Prior to 24.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "P-8480V-8.0.37 and prior", "P-4629V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-8576(Connector/C++)V-8.3.0 and prior", "P-8576(Connector/ODBC)V-8.3.0 and prior", "P-4629V-8.0.36 and prior" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-Prior to 24.2" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14634V-Prior to 24.2" ] } ] }, { "cve": "CVE-2023-6246", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "36258057" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (glibc)). The supported version that is affected is 11.2.16.0.000. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.16.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.16.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.16.0.000" ] } ] }, { "cve": "CVE-2023-6378", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14277V-23.4.0-23.4.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36095277" }, { "system_name": "Oracle Bug ID of Oracle Hospitality Cruise Shipboard Property Management System", "text": "36106520" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "36278167" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Python)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: APIs (Helidon)). Supported versions that are affected are 20.3.3, 20.3.4, 23.1.0 and 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Patch (logback)). The supported version that is affected is 8.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11607V-23.1.0", "P-2283V-8.0.0.1.0", "P-11607V-20.3.4", "P-11607V-23.1.1", "P-11607V-20.3.3" ], "known_not_affected": [ "P-14277V-23.4.0-23.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11607V-23.1.0", "P-11607V-20.3.4", "P-11607V-23.1.1", "P-11607V-20.3.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3011327.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-8.0.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012565.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14277V-23.4.0-23.4.2" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-11607V-23.1.0", "P-2283V-8.0.0.1.0", "P-11607V-20.3.4", "P-11607V-23.1.1", "P-11607V-20.3.3" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14277V-23.4.0-23.4.2" ] } ] }, { "cve": "CVE-2023-6481", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14277V-23.4.0-23.4.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36095277" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Python)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14277V-23.4.0-23.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14277V-23.4.0-23.4.2" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14277V-23.4.0-23.4.2" ] } ] }, { "cve": "CVE-2023-6507", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "36132414" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Third Party (Python)). The supported version that is affected is 24.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Data Analytics Function accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14489V-24.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014203.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-14489V-24.1.0" ] } ] }, { "cve": "CVE-2023-6779", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "36258057" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (glibc)). The supported version that is affected is 11.2.16.0.000. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.16.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.16.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.16.0.000" ] } ] }, { "cve": "CVE-2023-6780", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "36258057" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (glibc)). The supported version that is affected is 11.2.16.0.000. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.16.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.16.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.16.0.000" ] } ] }, { "cve": "CVE-2023-6918", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "36135643" }, { "system_name": "Oracle Bug ID of Oracle Communications User Data Repository", "text": "36148941" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36135636" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (libssh)). The supported version that is affected is 23.4.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Patches (Apache Mina SSHD)). The supported version that is affected is 9.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Patches (Apache Mina SSHD)). The supported version that is affected is 14.0.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications User Data Repository accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0", "P-14118V-23.4.1", "P-11108V-14.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014176.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11108V-14.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3015461.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0", "P-14118V-23.4.1", "P-11108V-14.0.0.0.0" ] } ] }, { "cve": "CVE-2024-0727", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14634V-Prior to 24.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36358826" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "36278301" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "36278302" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "36278303" }, { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "36283986" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "36278304" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "36278305" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36358835" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Backup as well as unauthorized update, insert or delete access to some of MySQL Enterprise Backup accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.37 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor as well as unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8480V-8.0.37 and prior", "P-4629V-8.3.0 and prior", "P-8576V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2", "P-4629V-8.0.36 and prior" ], "known_not_affected": [ "P-14634V-Prior to 24.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.37 and prior", "P-4629V-8.3.0 and prior", "P-8576V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-4629V-8.0.36 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-Prior to 24.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "P-8480V-8.0.37 and prior", "P-4629V-8.3.0 and prior", "P-8576V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-4629V-8.0.36 and prior" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-Prior to 24.2" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14634V-Prior to 24.2" ] } ] }, { "cve": "CVE-2024-0853", "ids": [ { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "36349671" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "36349673" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "36253652" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (curl)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (curl)). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (curl)). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Backup accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.0.36 and prior", "P-8479V-8.3.0 and prior", "P-4629V-8.3.0 and prior", "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60", "P-4629V-8.0.36 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.36 and prior", "P-8479V-8.3.0 and prior", "P-4629V-8.3.0 and prior", "P-4629V-8.0.36 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-8479V-8.0.36 and prior", "P-8479V-8.3.0 and prior", "P-4629V-8.3.0 and prior", "P-4629V-8.0.36 and prior" ] } ] }, { "cve": "CVE-2024-1459", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36456488" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Undertow)). The supported version that is affected is 23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-23.4.1" ] } ] }, { "cve": "CVE-2024-1597", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "36334230" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Third Party (PostgreSQL JDBC Driver)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-1635", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36456488" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Undertow)). The supported version that is affected is 23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014198.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-23.4.1" ] } ] }, { "cve": "CVE-2024-20918", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" } ], "notes": [ { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-20919", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" } ], "notes": [ { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-20921", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" } ], "notes": [ { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-20922", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" } ], "notes": [ { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-20923", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" } ], "notes": [ { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-20925", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" } ], "notes": [ { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-20926", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" } ], "notes": [ { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-20932", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" } ], "notes": [ { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-20945", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" } ], "notes": [ { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-20952", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36107739" } ], "notes": [ { "category": "description", "text": "Vulnerability in the GraalVM Multilingual Engine component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise GraalVM Multilingual Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GraalVM Multilingual Engine. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-20954", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "35894650" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM Enterprise Edition:20.3.13", "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.9", "P-13497V-Oracle GraalVM for JDK:21.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM Enterprise Edition:20.3.13", "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.9", "P-13497V-Oracle GraalVM for JDK:21.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM Enterprise Edition:20.3.13", "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.9", "P-13497V-Oracle GraalVM for JDK:21.0.2" ] } ] }, { "cve": "CVE-2024-20989", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hospitality Simphony", "text": "27499294" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony POS). Supported versions that are affected are 19.1.0-19.5.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11594V-19.1.0-19.5.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11594V-19.1.0-19.5.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3009811.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.0, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "P-11594V-19.1.0-19.5.4" ] } ] }, { "cve": "CVE-2024-20990", "ids": [ { "system_name": "Oracle Bug ID of Oracle Applications Technology Stack", "text": "33283085" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (component: Templates). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1745V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1745V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-1745V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-20991", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "34259476" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Przemysław Mazurek" ] } ], "cve": "CVE-2024-20992", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "34425704" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1696V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1696V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-20993", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34856256" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-20994", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34930219" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Emad Al-Mousa" ] } ], "cve": "CVE-2024-20995", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35280316" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Oracle Database Sharding)V-21.3-21.13", "P-5(Oracle Database Sharding)V-19.3-19.22" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Sharding)V-19.3-19.22", "P-5(Oracle Database Sharding)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(Oracle Database Sharding)V-19.3-19.22", "P-5(Oracle Database Sharding)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-20997", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hospitality Simphony", "text": "35472848" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11594V-19.1.0-19.5.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11594V-19.1.0-19.5.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3009811.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-11594V-19.1.0-19.5.4" ] } ] }, { "cve": "CVE-2024-20998", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35476172" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "cve": "CVE-2024-20999", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris", "text": "35521786" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10006V-11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10006V-11" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10006V-11" ] } ] }, { "cve": "CVE-2024-21000", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35530823" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "AnhNH" ], "organization": "Sacombank" }, { "names": [ "ChauUHM" ], "organization": "Sacombank" }, { "names": [ "TungHT" ], "organization": "Sacombank" } ], "cve": "CVE-2024-21001", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35551450" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2024-21002", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35601645" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] } ] }, { "cve": "CVE-2024-21003", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35601660" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] } ] }, { "cve": "CVE-2024-21004", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35601672" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] } ] }, { "cve": "CVE-2024-21005", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35601679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] } ] }, { "acknowledgments": [ { "names": [ "bluE0 and 4ra1n" ] }, { "names": [ "Huang Xiaopeng" ] }, { "names": [ "L0ne1y" ] }, { "names": [ "pwnull" ] }, { "names": [ "yc_m1qlin" ] } ], "cve": "CVE-2024-21006", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35602012" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "aw0yo" ], "organization": "Cyber KunLun" } ], "cve": "CVE-2024-21007", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35692997" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Zu-Ming Jiang" ] } ], "cve": "CVE-2024-21008", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35733778" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Zu-Ming Jiang" ] } ], "cve": "CVE-2024-21009", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35738531" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "cve": "CVE-2024-21010", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hospitality Simphony", "text": "35741540" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11594V-19.1.0-19.5.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11594V-19.1.0-19.5.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3009811.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-11594V-19.1.0-19.5.4" ] } ] }, { "cve": "CVE-2024-21011", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35756049" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ] } ] }, { "cve": "CVE-2024-21012", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35763656" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9" ] } ] }, { "acknowledgments": [ { "names": [ "Zu-Ming Jiang" ] } ], "cve": "CVE-2024-21013", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35779012" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "cve": "CVE-2024-21014", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hospitality Simphony", "text": "35786236" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11594V-19.1.0-19.5.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11594V-19.1.0-19.5.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3009811.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-11594V-19.1.0-19.5.4" ] } ] }, { "cve": "CVE-2024-21015", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35789759" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21016", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828458" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21017", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828460" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21018", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828463" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21019", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828468" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21020", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21021", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828476" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21022", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828478" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21023", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828482" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21024", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828483" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21025", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828485" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21026", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828488" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21027", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828523" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21028", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828631" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21029", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828632" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21030", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828634" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21031", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828636" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21032", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828637" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21033", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828640" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21034", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828642" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21035", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828647" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21036", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828648" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21037", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828650" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21038", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828651" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21039", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828652" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21040", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828654" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21041", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35833528" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21042", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35833530" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21043", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35833535" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21044", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35833538" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21045", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35833544" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21046", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35833547" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21047", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35836581" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "cve": "CVE-2024-21048", "ids": [ { "system_name": "Oracle Bug ID of Oracle Web Applications Desktop Integrator", "text": "35837416" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: XML input). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1171V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1171V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-1171V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21049", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35845564" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2024-21050", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35845594" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2024-21051", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35846086" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2024-21052", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35846102" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2024-21053", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35846112" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2024-21054", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35846402" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "cve": "CVE-2024-21055", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35846585" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior" ] } ] }, { "cve": "CVE-2024-21056", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35846858" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2024-21057", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35846873" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Emad Al-Mousa" ] } ], "cve": "CVE-2024-21058", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35853413" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Unified Audit)V-19.3-19.22", "P-5(Unified Audit)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Unified Audit)V-19.3-19.22", "P-5(Unified Audit)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5(Unified Audit)V-19.3-19.22", "P-5(Unified Audit)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-21059", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris", "text": "33948405" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10006V-11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10006V-11" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10006V-11" ] } ] }, { "cve": "CVE-2024-21060", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35942937" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "cve": "CVE-2024-21061", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35957453" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-21062", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35957627" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "cve": "CVE-2024-21063", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise HCM Benefits Administration", "text": "35966338" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft (component: Benefits Administration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise HCM Benefits Administration executes to compromise PeopleSoft Enterprise HCM Benefits Administration. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Benefits Administration accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Benefits Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise HCM Benefits Administration. CVSS 3.1 Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5042V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5042V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "P-5042V-9.2" ] } ] }, { "acknowledgments": [ { "names": [ "AnhNH" ], "organization": "Sacombank" }, { "names": [ "ChauUHM" ], "organization": "Sacombank" }, { "names": [ "me0x2" ], "organization": "Sacombank" }, { "names": [ "ninh.0x4c" ], "organization": "sacombank" }, { "names": [ "TungHT" ], "organization": "Sacombank" } ], "cve": "CVE-2024-21064", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35998679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2024-21065", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35999235" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "acknowledgments": [ { "names": [ "Raju Mogulapalli- City" ], "organization": "Philadelphia" } ], "cve": "CVE-2024-21066", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36004586" } ], "notes": [ { "category": "description", "text": "Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with logon to the infrastructure where RDBMS executes to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] } ] }, { "acknowledgments": [ { "names": [ "Ben Leonard-Lagarde" ], "organization": "Modux" } ], "cve": "CVE-2024-21067", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "36015161" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370V-13.5.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3000006.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1370V-13.5.0.0" ] } ] }, { "acknowledgments": [ { "names": [ "Vladimir Kondratyev" ] } ], "cve": "CVE-2024-21068", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "36032852" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ] } ] }, { "cve": "CVE-2024-21069", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36035041" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "cve": "CVE-2024-21070", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "36042624" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2024-21071", "ids": [ { "system_name": "Oracle Bug ID of Oracle Workflow", "text": "36050661" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Workflow. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-174V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-174V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-174V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21072", "ids": [ { "system_name": "Oracle Bug ID of Oracle Installed Base", "text": "36050690" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Data Provider UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1118V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1118V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1118V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21073", "ids": [ { "system_name": "Oracle Bug ID of Oracle Trade Management", "text": "36050694" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-765V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-765V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-765V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21074", "ids": [ { "system_name": "Oracle Bug ID of Oracle Trade Management", "text": "36050712" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Finance LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-765V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-765V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-765V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21075", "ids": [ { "system_name": "Oracle Bug ID of Oracle Trade Management", "text": "36050717" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim Line LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-765V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-765V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-765V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21076", "ids": [ { "system_name": "Oracle Bug ID of Oracle Trade Management", "text": "36050724" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Offer LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-765V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-765V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-765V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21077", "ids": [ { "system_name": "Oracle Bug ID of Oracle Trade Management", "text": "36050729" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-765V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-765V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-765V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21078", "ids": [ { "system_name": "Oracle Bug ID of Oracle Marketing", "text": "36050733" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-229V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-229V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-229V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21079", "ids": [ { "system_name": "Oracle Bug ID of Oracle Marketing", "text": "36050734" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-229V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-229V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-229V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21080", "ids": [ { "system_name": "Oracle Bug ID of Oracle Applications Framework", "text": "36050738" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services). Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1472V-12.2.9-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1472V-12.2.9-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-1472V-12.2.9-12.2.13" ] } ] }, { "cve": "CVE-2024-21081", "ids": [ { "system_name": "Oracle Bug ID of Oracle Partner Management", "text": "36063822" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1065V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1065V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-1065V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Davide Virruso" ], "organization": "Yoroi" } ], "cve": "CVE-2024-21082", "ids": [ { "system_name": "Oracle Bug ID of Oracle BI Publisher", "text": "36063956" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0", "P-1479V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-7.0.0.0.0", "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1479V-7.0.0.0.0", "P-1479V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Davide Virruso" ], "organization": "Yoroi" } ], "cve": "CVE-2024-21083", "ids": [ { "system_name": "Oracle Bug ID of Oracle BI Publisher", "text": "36063966" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0", "P-1479V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-7.0.0.0.0", "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1479V-7.0.0.0.0", "P-1479V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Davide Virruso" ], "organization": "Yoroi" } ], "cve": "CVE-2024-21084", "ids": [ { "system_name": "Oracle Bug ID of Oracle BI Publisher", "text": "36063974" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0", "P-1479V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-7.0.0.0.0", "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-1479V-7.0.0.0.0", "P-1479V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Yakov Shafranovich" ], "organization": "Amazon Web Services" } ], "cve": "CVE-2024-21085", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "36067943" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Šimko" ], "organization": "Accenture" } ], "cve": "CVE-2024-21086", "ids": [ { "system_name": "Oracle Bug ID of Oracle CRM Technical Foundation", "text": "36088906" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1199V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1199V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-1199V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21087", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36093405" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "cve": "CVE-2024-21088", "ids": [ { "system_name": "Oracle Bug ID of Oracle Production Scheduling", "text": "34786868" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production Scheduling. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Production Scheduling accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1983V-12.2.4-12.2.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1983V-12.2.4-12.2.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-1983V-12.2.4-12.2.12" ] } ] }, { "cve": "CVE-2024-21089", "ids": [ { "system_name": "Oracle Bug ID of Oracle Concurrent Processing", "text": "36155952" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: Request Submission and Scheduling). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Concurrent Processing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9303V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9303V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-9303V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-21090", "ids": [ { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "36167880" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8576V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8576V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8576V-8.3.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Dinh Viet Hai (haidv35)" ], "organization": "Pentest Team Viettel Cyber Security" }, { "names": [ "Nguyen Minh Quoc (quocnm6)" ], "organization": "Pentest Team Viettel Cyber Security" } ], "cve": "CVE-2024-21091", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile Product Lifecycle Management for Process", "text": "36206436" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4445V-6.2.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4445V-6.2.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013496.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-4445V-6.2.4.2" ] } ] }, { "acknowledgments": [ { "names": [ "Dinh Viet Hai (haidv35)" ], "organization": "Pentest Team Viettel Cyber Security" }, { "names": [ "Nguyen Minh Quoc (quocnm6)" ], "organization": "Pentest Team Viettel Cyber Security" } ], "cve": "CVE-2024-21092", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile Product Lifecycle Management for Process", "text": "36206440" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4445V-6.2.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4445V-6.2.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3013496.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-4445V-6.2.4.2" ] } ] }, { "cve": "CVE-2024-21093", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36210227" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Java VM)V-21.3-21.13", "P-5(Java VM)V-19.3-19.22" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Java VM)V-21.3-21.13", "P-5(Java VM)V-19.3-19.22" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Java VM)V-21.3-21.13", "P-5(Java VM)V-19.3-19.22" ] } ] }, { "cve": "CVE-2024-21094", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "36242469" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.13", "P-856V-Oracle Java SE:8u401", "P-856V-Oracle Java SE:21.0.2", "P-856V-Oracle Java SE:22", "P-856V-Oracle Java SE:11.0.22", "P-856V-Oracle GraalVM for JDK:22", "P-856V-Oracle GraalVM for JDK:21.0.2", "P-856V-Oracle GraalVM for JDK:17.0.10", "P-856V-Oracle Java SE:17.0.10", "P-856V-Oracle GraalVM Enterprise Edition:21.3.9", "P-856V-Oracle Java SE:8u401-perf" ] } ] }, { "cve": "CVE-2024-21095", "ids": [ { "system_name": "Oracle Bug ID of Primavera P6 Enterprise Project Portfolio Management", "text": "36248492" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 19.12.0-19.12.22, 20.12.0-20.12.21, 21.12.0-21.12.18, 22.12.0-22.12.12 and 23.12.0-23.12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5579V-22.12.0-22.12.12", "P-5579V-19.12.0-19.12.22", "P-5579V-20.12.0-20.12.21", "P-5579V-23.12.0-23.12.2", "P-5579V-21.12.0-21.12.18" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5579V-19.12.0-19.12.22", "P-5579V-22.12.0-22.12.12", "P-5579V-20.12.0-20.12.21", "P-5579V-23.12.0-23.12.2", "P-5579V-21.12.0-21.12.18" ], "url": "https://support.oracle.com/rs?type=doc&id=3010844.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "P-5579V-19.12.0-19.12.22", "P-5579V-22.12.0-22.12.12", "P-5579V-20.12.0-20.12.21", "P-5579V-23.12.0-23.12.2", "P-5579V-21.12.0-21.12.18" ] } ] }, { "acknowledgments": [ { "names": [ "AWS Security" ], "organization": "Amazon" } ], "cve": "CVE-2024-21096", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36248967" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior" ] } ] }, { "cve": "CVE-2024-21097", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "36268074" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=3013474.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2024-21098", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "36285993" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM Enterprise Edition:20.3.13", "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.9", "P-13497V-Oracle GraalVM for JDK:21.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM Enterprise Edition:20.3.13", "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.9", "P-13497V-Oracle GraalVM for JDK:21.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM Enterprise Edition:20.3.13", "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.9", "P-13497V-Oracle GraalVM for JDK:21.0.2" ] } ] }, { "cve": "CVE-2024-21099", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "36182748" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011311.2" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2024-21100", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "36374465" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. While the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3013472.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ] } ] }, { "cve": "CVE-2024-21101", "ids": [ { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "36405879" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.0.36 and prior", "P-8479V-8.3.0 and prior", "P-8479V-7.5.33 and prior", "P-8479V-7.6.29 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.36 and prior", "P-8479V-8.3.0 and prior", "P-8479V-7.5.33 and prior", "P-8479V-7.6.29 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-8479V-8.0.36 and prior", "P-8479V-8.3.0 and prior", "P-8479V-7.5.33 and prior", "P-8479V-7.6.29 and prior" ] } ] }, { "cve": "CVE-2024-21102", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36275182" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "36405894" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.0.36 and prior", "P-8479V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-8479V-7.5.33 and prior", "P-8479V-7.6.29 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.36 and prior", "P-8479V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-8479V-7.5.33 and prior", "P-8479V-7.6.29 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=3012582.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8479V-8.0.36 and prior", "P-8479V-8.3.0 and prior", "P-8478V-8.0.36 and prior", "P-8478V-8.3.0 and prior", "P-8479V-7.5.33 and prior", "P-8479V-7.6.29 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Maher Azzouzi" ] } ], "cve": "CVE-2024-21103", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36275124" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "cve": "CVE-2024-21104", "ids": [ { "system_name": "Oracle Bug ID of Oracle ZFS Storage Appliance Kit", "text": "32240357" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10026V-8.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10026V-8.8" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10026V-8.8" ] } ] }, { "cve": "CVE-2024-21105", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris", "text": "35992090" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10006V-11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10006V-11" ], "url": "https://support.oracle.com/rs?type=doc&id=3014318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.0, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10006V-11" ] } ] }, { "acknowledgments": [ { "names": [ "Reima Ishii" ], "organization": "Graduate School" } ], "cve": "CVE-2024-21106", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36212189" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "acknowledgments": [ { "names": [ "Alaa Kachouh" ] }, { "names": [ "Ali Jammal" ] } ], "cve": "CVE-2024-21107", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36339947" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "acknowledgments": [ { "names": [ "Zheyu Ma" ] } ], "cve": "CVE-2024-21108", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36355010" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "acknowledgments": [ { "names": [ "An Anonymous researcher working with Trend Micro's Zero Day Initiative" ] } ], "cve": "CVE-2024-21109", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36401592" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "acknowledgments": [ { "names": [ "An Anonymous researcher working with Trend Micro's Zero Day Initiative" ] } ], "cve": "CVE-2024-21110", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36410931" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "acknowledgments": [ { "names": [ "Filip Dragovic" ] }, { "names": [ "Naor Hodorov" ] } ], "cve": "CVE-2024-21111", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36422273" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "acknowledgments": [ { "names": [ "ColdEye working with Trend Micro's Zero Day Initiative" ] } ], "cve": "CVE-2024-21112", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36432616" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "acknowledgments": [ { "names": [ "dungdm (piers2)" ], "organization": "Viettel Cyber Security working with Trend Micro's Zero Day Initiative" } ], "cve": "CVE-2024-21113", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36432629" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "acknowledgments": [ { "names": [ "Bruno PUJOS and Corentin BAYET from REverse Tactics working with Trend Micro's Zero Day Initiative" ] } ], "cve": "CVE-2024-21114", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36432681" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "acknowledgments": [ { "names": [ "Cody Gallagher working with Trend Micro's Zero Day Initiative" ] } ], "cve": "CVE-2024-21115", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36432700" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "acknowledgments": [ { "names": [ "An Anonymous researcher working with Trend Micro's Zero Day Initiative" ] } ], "cve": "CVE-2024-21116", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36455918" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "acknowledgments": [ { "names": [ "Andrew Ruddick" ], "organization": "Microsoft MSRC Vulnerabilities and Mitigations" } ], "cve": "CVE-2024-21117", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "36282199" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ] } ] }, { "acknowledgments": [ { "names": [ "Ali Ahmad and Brandon Perry" ], "organization": "Atredis" } ], "cve": "CVE-2024-21118", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "36365848" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ] } ] }, { "acknowledgments": [ { "names": [ "An Anonymous researcher working at Microsoft Vulnerability Research" ] } ], "cve": "CVE-2024-21119", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "36269383" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ] } ] }, { "acknowledgments": [ { "names": [ "Andrew Ruddick" ], "organization": "Microsoft MSRC Vulnerabilities and Mitigations" } ], "cve": "CVE-2024-21120", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "36282328" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-2276V-8.5.7", "P-2276V-8.5.6" ] } ] }, { "acknowledgments": [ { "names": [ "Bruno PUJOS and Corentin BAYET from REverse Tactics working with Trend Micro's Zero Day Initiative" ] } ], "cve": "CVE-2024-21121", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "36493022" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3014516.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.16" ] } ] }, { "cve": "CVE-2024-21626", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "36399969" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "36472533" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Obserability Services Overlay (runc)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Network Function Cloud Native Environment, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Install/Upgrade (runc)). Supported versions that are affected are 23.3.1 and 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Network Function Cloud Native Environment, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125(Install/Upgrade)V-23.3.1", "P-14125(Install/Upgrade)V-23.4.0", "P-14125(Obserability Services Overlay)V-23.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125(Install/Upgrade)V-23.3.1", "P-14125(Install/Upgrade)V-23.4.0", "P-14125(Obserability Services Overlay)V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014188.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14125(Install/Upgrade)V-23.3.1", "P-14125(Install/Upgrade)V-23.4.0", "P-14125(Obserability Services Overlay)V-23.4.0" ] } ] }, { "cve": "CVE-2024-21634", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "36278153" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Patch (Amazon Ion)). The supported version that is affected is 8.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2283V-8.0.0.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-8.0.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012565.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2283V-8.0.0.1.0" ] } ] }, { "cve": "CVE-2024-21892", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "36317499" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GraalVM for JDK executes to compromise Oracle GraalVM for JDK. While the vulnerability is in Oracle GraalVM for JDK, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM for JDK:21.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM for JDK:21.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM for JDK:21.0.2" ] } ] }, { "cve": "CVE-2024-22019", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "36317499" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GraalVM for JDK executes to compromise Oracle GraalVM for JDK. While the vulnerability is in Oracle GraalVM for JDK, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM for JDK:21.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM for JDK:21.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3012587.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:17.0.10", "P-13497V-Oracle GraalVM for JDK:22", "P-13497V-Oracle GraalVM for JDK:21.0.2" ] } ] }, { "cve": "CVE-2024-22195", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14634V-Prior to 24.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "36258143" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: CLI AND SDK (Jinja2)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14634V-Prior to 24.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-Prior to 24.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-Prior to 24.2" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14634V-Prior to 24.2" ] } ] }, { "cve": "CVE-2024-22201", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36344966" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36344983" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Eclipse Jetty)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Eclipse Jetty)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-23.4.0-23.4.2", "P-14121V-23.4.0-23.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2" ] } ] }, { "cve": "CVE-2024-22233", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36370060" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "36370053" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "36370052" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "36370057" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "36370129" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Third Party (Spring Framework)). The supported version that is affected is 24.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Data Analytics Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Spring Framework)). The supported version that is affected is 23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Spring Framework)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Spring Framework)). Supported versions that are affected are 22.4.0, 23.1.0 and 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (Spring Framework)). The supported version that is affected is 9.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14122V-23.4.1", "P-14119V-22.4.0", "P-13940V-9.1.1.7.0", "P-14489V-24.1.0", "P-14119V-23.2.0", "P-14119V-23.1.0", "P-14123V-23.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014203.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014197.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014191.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-22.4.0", "P-14119V-23.2.0", "P-14119V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014196.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014178.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14122V-23.4.1", "P-14119V-22.4.0", "P-13940V-9.1.1.7.0", "P-14489V-24.1.0", "P-14119V-23.2.0", "P-14119V-23.1.0", "P-14123V-23.4.0" ] } ] }, { "cve": "CVE-2024-22243", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "36436700" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "36448912" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "36503744" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Spring Framework)). Supported versions that are affected are 22.12.0-22.12.12 and 23.12.0-23.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Spring Web Services)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Console accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Documaker product of Oracle Insurance Applications (component: Enterprise Edition (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10354V-22.12.0-22.12.12", "P-10354V-23.12.0-23.12.3", "P-14250V-23.4.0" ], "known_not_affected": [ "P-5477V-12.7", "P-5477V-12.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-22.12.0-22.12.12", "P-10354V-23.12.0-23.12.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3010844.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3013639.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-10354V-22.12.0-22.12.12", "P-10354V-23.12.0-23.12.3" ] }, { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14250V-23.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5477V-12.7", "P-5477V-12.6" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ] } ] }, { "cve": "CVE-2024-22257", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36451777" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "36448854" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36451772" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Spring Security)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Console accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Spring Security)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Spring Security)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14250V-23.4.0", "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "P-14250V-23.4.0", "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2" ] } ] }, { "cve": "CVE-2024-22259", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "36448912" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "36503744" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Spring Web Services)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Console accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Documaker product of Oracle Insurance Applications (component: Enterprise Edition (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14250V-23.4.0" ], "known_not_affected": [ "P-5477V-12.7", "P-5477V-12.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3013639.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14250V-23.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5477V-12.7", "P-5477V-12.6" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ] } ] }, { "cve": "CVE-2024-23635", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Party Management", "text": "36304460" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "36304461" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (AntiSamy)). The supported version that is affected is 2.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Party Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Party Management accessible data as well as unauthorized read access to a subset of Oracle Banking Party Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (AntiSamy)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-12.2.1.4.0", "P-13929V-2.7.0.0.0", "P-5242V-14.1.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13929V-2.7.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012768.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-13929V-2.7.0.0.0", "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-23672", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36451686" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the RDBMS component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-24549", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36451686" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the RDBMS component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(RDBMS)V-19.3-19.22", "P-5(RDBMS)V-21.3-21.13" ] } ] }, { "cve": "CVE-2024-24815", "ids": [ { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "36400501" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Enterprise Edition (CKEditor)). Supported versions that are affected are 12.6 and 12.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Documaker, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Documaker accessible data as well as unauthorized read access to a subset of Oracle Documaker accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5477V-12.7", "P-5477V-12.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3013639.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5477V-12.7", "P-5477V-12.6" ] } ] }, { "cve": "CVE-2024-24816", "ids": [ { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "36400501" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Enterprise Edition (CKEditor)). Supported versions that are affected are 12.6 and 12.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Documaker, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Documaker accessible data as well as unauthorized read access to a subset of Oracle Documaker accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5477V-12.7", "P-5477V-12.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.7", "P-5477V-12.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3013639.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5477V-12.7", "P-5477V-12.6" ] } ] }, { "cve": "CVE-2024-25062", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "36400115" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Observability Services Overlay (libxml2)). The supported version that is affected is 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014188.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14125V-23.4.0" ] } ] }, { "cve": "CVE-2024-25710", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-12753V-Prior to 12.2.0.1.42" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "36339079" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "36354163" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "36354295" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "36354180" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "36354191" }, { "system_name": "Oracle Bug ID of Oracle Banking Deposits and Lines of Credit Servicing", "text": "36354190" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "36354379" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "36354237" }, { "system_name": "Oracle Bug ID of Oracle Banking Platform", "text": "36354201" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "36354377" }, { "system_name": "Oracle Bug ID of Oracle Banking Loans Servicing", "text": "36354197" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "36354241" }, { "system_name": "Oracle Bug ID of OPatch", "text": "36323271" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36354231" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36354219" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36354228" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "36354239" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the OPatch product of Oracle Global Lifecycle Management (component: Patch Installer (Apache Commons Compress)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Commons Compress)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Third Party (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Enterprise Data Quality executes to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Apache Commons Compress)). Supported versions that are affected are 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking APIs executes to compromise Oracle Banking APIs. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Deposits and Lines of Credit Servicing product of Oracle Financial Services Applications (component: Web UI (Apache Commons Compress)). The supported version that is affected is 2.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Deposits and Lines of Credit Servicing executes to compromise Oracle Banking Deposits and Lines of Credit Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Deposits and Lines of Credit Servicing. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Commons Compress)). Supported versions that are affected are 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Digital Experience executes to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Loans Servicing product of Oracle Financial Services Applications (component: Web UI (Apache Commons Compress)). The supported version that is affected is 2.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Loans Servicing executes to compromise Oracle Banking Loans Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Loans Servicing. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (Apache Commons Compress)). The supported version that is affected is 2.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Platform executes to compromise Oracle Banking Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Platform. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Apache Commons Compress)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Apache Commons Compress)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install/Upgrade (Apache Commons Compress)). Supported versions that are affected are 22.4.0, 23.1.0 and 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Unified Data Repository executes to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Apache Commons Compress)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Element Manager executes to compromise Oracle Communications Element Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General or Others (Apache Commons Compress)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Session Report Manager executes to compromise Oracle Communications Session Report Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: General (Apache Commons Compress)). Supported versions that are affected are 7.4.0-7.4.2, 7.5.0 and 7.5.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Unified Inventory Management executes to compromise Oracle Communications Unified Inventory Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: IP - Installation Upgrade Proc (Apache Commons Compress)). Supported versions that are affected are 2.8.0.0.0, 2.9.0.0.0, 2.9.0.1.0, 3.0.0.0.0, 3.1.0.0.0, 3.2.0.0.0, 4.0.0.0 and 5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Financial Services Revenue Management and Billing executes to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Apache Commons Compress)). Supported versions that are affected are 19.12.0-19.12.18, 20.12.0-20.12.13 and 21.12.0-21.12.11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Primavera Gateway executes to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (Apache Commons Compress)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.12 and 23.12.0-23.12.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Primavera Unifier executes to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13928V-2.12.0.0.0", "P-10354V-19.12.0-19.12.16", "P-13676V-22.1.0.0.0", "P-13676V-19.1.0.0.0", "P-12605V-19.1.0.0.0", "P-4516V-7.5.0", "P-14121V-23.4.0-23.4.1", "P-4516V-7.5.1", "P-5322V-4.0.0.0", "P-13927V-2.12.0.0.0", "P-13676V-21.1.0.0.0", "P-5322V-3.2.0.0.0", "P-13676V-22.2.0.0.0", "P-5322V-3.1.0.0.0", "P-10770V-9.0.0-9.0.2", "P-5322V-2.9.0.1.0", "P-10354V-23.12.0-23.12.3", "P-5322V-2.9.0.0.0", "P-9464V-12.2.1.4.0", "P-9178V-2.12.0.0.0", "P-5322V-5.0.0.0", "P-13676V-19.2.0.0.0", "P-12605V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-10605V-19.12.0-19.12.18", "P-10605V-21.12.0-21.12.11", "P-14119V-23.2.0", "P-10605V-20.12.0-20.12.13", "P-14119V-23.1.0", "P-11052V-9.0.0-9.0.2", "P-10354V-20.12.0-20.12.16", "P-5322V-3.0.0.0.0", "P-12605V-19.2.0.0.0", "P-5242V-14.1.1.0.0", "P-5322V-2.8.0.0.0", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-14119V-22.4.0", "P-4516V-7.4.0-7.4.2", "P-14277V-23.4.0-23.4.2", "P-12605V-22.2.0.0.0" ], "known_not_affected": [ "P-12753V-Prior to 12.2.0.1.42" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12753V-Prior to 12.2.0.1.42" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-12605V-19.2.0.0.0", "P-13676V-19.2.0.0.0", "P-12605V-22.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-13676V-19.1.0.0.0", "P-12605V-19.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13928V-2.12.0.0.0", "P-9178V-2.12.0.0.0", "P-13927V-2.12.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012768.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-22.4.0", "P-14119V-23.2.0", "P-14119V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014196.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014179.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014180.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0", "P-4516V-7.5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3012534.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322V-3.0.0.0.0", "P-5322V-5.0.0.0", "P-5322V-3.1.0.0.0", "P-5322V-2.8.0.0.0", "P-5322V-2.9.0.1.0", "P-5322V-2.9.0.0.0", "P-5322V-4.0.0.0", "P-5322V-3.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012792.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16", "P-10605V-19.12.0-19.12.18", "P-10605V-21.12.0-21.12.11", "P-10354V-23.12.0-23.12.3", "P-10605V-20.12.0-20.12.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3010844.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-12753V-Prior to 12.2.0.1.42" ] }, { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13928V-2.12.0.0.0", "P-10354V-19.12.0-19.12.16", "P-13676V-22.1.0.0.0", "P-13676V-19.1.0.0.0", "P-12605V-19.1.0.0.0", "P-4516V-7.5.0", "P-14121V-23.4.0-23.4.1", "P-4516V-7.5.1", "P-5322V-4.0.0.0", "P-13927V-2.12.0.0.0", "P-13676V-21.1.0.0.0", "P-5322V-3.2.0.0.0", "P-13676V-22.2.0.0.0", "P-5322V-3.1.0.0.0", "P-10770V-9.0.0-9.0.2", "P-5322V-2.9.0.1.0", "P-10354V-23.12.0-23.12.3", "P-5322V-2.9.0.0.0", "P-9464V-12.2.1.4.0", "P-9178V-2.12.0.0.0", "P-5322V-5.0.0.0", "P-13676V-19.2.0.0.0", "P-12605V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-10605V-19.12.0-19.12.18", "P-10605V-21.12.0-21.12.11", "P-14119V-23.2.0", "P-10605V-20.12.0-20.12.13", "P-14119V-23.1.0", "P-11052V-9.0.0-9.0.2", "P-10354V-20.12.0-20.12.16", "P-5322V-3.0.0.0.0", "P-12605V-19.2.0.0.0", "P-5242V-14.1.1.0.0", "P-5322V-2.8.0.0.0", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-14119V-22.4.0", "P-4516V-7.4.0-7.4.2", "P-14277V-23.4.0-23.4.2", "P-12605V-22.2.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-12753V-Prior to 12.2.0.1.42" ] } ] }, { "cve": "CVE-2024-26130", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36358826" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36358835" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-23.4.0-23.4.2", "P-14121V-23.4.0-23.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14121V-23.4.0-23.4.1", "P-14277V-23.4.0-23.4.2" ] } ] }, { "cve": "CVE-2024-26308", "flags": [ { "date": "2024-04-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-12753V-Prior to 12.2.0.1.42" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "36339079" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "36354163" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "36354295" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "36354180" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "36354191" }, { "system_name": "Oracle Bug ID of Oracle Banking Deposits and Lines of Credit Servicing", "text": "36354190" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "36354379" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "36354237" }, { "system_name": "Oracle Bug ID of Oracle Banking Platform", "text": "36354201" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "36354377" }, { "system_name": "Oracle Bug ID of Oracle Banking Loans Servicing", "text": "36354197" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "36354241" }, { "system_name": "Oracle Bug ID of OPatch", "text": "36323271" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36354231" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "36354219" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36354228" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "36354239" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the OPatch product of Oracle Global Lifecycle Management (component: Patch Installer (Apache Commons Compress)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Commons Compress)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Third Party (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Enterprise Data Quality executes to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Apache Commons Compress)). Supported versions that are affected are 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking APIs executes to compromise Oracle Banking APIs. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Deposits and Lines of Credit Servicing product of Oracle Financial Services Applications (component: Web UI (Apache Commons Compress)). The supported version that is affected is 2.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Deposits and Lines of Credit Servicing executes to compromise Oracle Banking Deposits and Lines of Credit Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Deposits and Lines of Credit Servicing. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Commons Compress)). Supported versions that are affected are 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Digital Experience executes to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Loans Servicing product of Oracle Financial Services Applications (component: Web UI (Apache Commons Compress)). The supported version that is affected is 2.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Loans Servicing executes to compromise Oracle Banking Loans Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Loans Servicing. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (Apache Commons Compress)). The supported version that is affected is 2.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Platform executes to compromise Oracle Banking Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Platform. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Apache Commons Compress)). Supported versions that are affected are 23.4.0-23.4.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Apache Commons Compress)). Supported versions that are affected are 23.4.0-23.4.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install/Upgrade (Apache Commons Compress)). Supported versions that are affected are 22.4.0, 23.1.0 and 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Unified Data Repository executes to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Apache Commons Compress)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Element Manager executes to compromise Oracle Communications Element Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General or Others (Apache Commons Compress)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Session Report Manager executes to compromise Oracle Communications Session Report Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: General (Apache Commons Compress)). Supported versions that are affected are 7.4.0-7.4.2, 7.5.0 and 7.5.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Unified Inventory Management executes to compromise Oracle Communications Unified Inventory Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: IP - Installation Upgrade Proc (Apache Commons Compress)). Supported versions that are affected are 2.8.0.0.0, 2.9.0.0.0, 2.9.0.1.0, 3.0.0.0.0, 3.1.0.0.0, 3.2.0.0.0, 4.0.0.0 and 5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Financial Services Revenue Management and Billing executes to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Apache Commons Compress)). Supported versions that are affected are 19.12.0-19.12.18, 20.12.0-20.12.13 and 21.12.0-21.12.11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Primavera Gateway executes to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (Apache Commons Compress)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.12 and 23.12.0-23.12.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Primavera Unifier executes to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13928V-2.12.0.0.0", "P-10354V-19.12.0-19.12.16", "P-13676V-22.1.0.0.0", "P-13676V-19.1.0.0.0", "P-12605V-19.1.0.0.0", "P-4516V-7.5.0", "P-14121V-23.4.0-23.4.1", "P-4516V-7.5.1", "P-5322V-4.0.0.0", "P-13927V-2.12.0.0.0", "P-13676V-21.1.0.0.0", "P-5322V-3.2.0.0.0", "P-13676V-22.2.0.0.0", "P-5322V-3.1.0.0.0", "P-10770V-9.0.0-9.0.2", "P-5322V-2.9.0.1.0", "P-10354V-23.12.0-23.12.3", "P-5322V-2.9.0.0.0", "P-9464V-12.2.1.4.0", "P-9178V-2.12.0.0.0", "P-5322V-5.0.0.0", "P-13676V-19.2.0.0.0", "P-12605V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-10605V-19.12.0-19.12.18", "P-10605V-21.12.0-21.12.11", "P-14119V-23.2.0", "P-10605V-20.12.0-20.12.13", "P-14119V-23.1.0", "P-11052V-9.0.0-9.0.2", "P-10354V-20.12.0-20.12.16", "P-5322V-3.0.0.0.0", "P-12605V-19.2.0.0.0", "P-5242V-14.1.1.0.0", "P-5322V-2.8.0.0.0", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-14119V-22.4.0", "P-4516V-7.4.0-7.4.2", "P-14277V-23.4.0-23.4.2", "P-12605V-22.2.0.0.0" ], "known_not_affected": [ "P-12753V-Prior to 12.2.0.1.42" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12753V-Prior to 12.2.0.1.42" ], "url": "https://support.oracle.com/rs?type=doc&id=3000005.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3011291.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-12605V-19.2.0.0.0", "P-13676V-19.2.0.0.0", "P-12605V-22.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-13676V-19.1.0.0.0", "P-12605V-19.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13928V-2.12.0.0.0", "P-9178V-2.12.0.0.0", "P-13927V-2.12.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012768.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.4.0-23.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3014186.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.4.0-23.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-22.4.0", "P-14119V-23.2.0", "P-14119V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3014196.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014179.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3014180.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0", "P-4516V-7.5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3012534.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322V-3.0.0.0.0", "P-5322V-5.0.0.0", "P-5322V-3.1.0.0.0", "P-5322V-2.8.0.0.0", "P-5322V-2.9.0.1.0", "P-5322V-2.9.0.0.0", "P-5322V-4.0.0.0", "P-5322V-3.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3012792.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16", "P-10605V-19.12.0-19.12.18", "P-10605V-21.12.0-21.12.11", "P-10354V-23.12.0-23.12.3", "P-10605V-20.12.0-20.12.13" ], "url": "https://support.oracle.com/rs?type=doc&id=3010844.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-12753V-Prior to 12.2.0.1.42" ] }, { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13928V-2.12.0.0.0", "P-10354V-19.12.0-19.12.16", "P-13676V-22.1.0.0.0", "P-13676V-19.1.0.0.0", "P-12605V-19.1.0.0.0", "P-4516V-7.5.0", "P-14121V-23.4.0-23.4.1", "P-4516V-7.5.1", "P-5322V-4.0.0.0", "P-13927V-2.12.0.0.0", "P-13676V-21.1.0.0.0", "P-5322V-3.2.0.0.0", "P-13676V-22.2.0.0.0", "P-5322V-3.1.0.0.0", "P-10770V-9.0.0-9.0.2", "P-5322V-2.9.0.1.0", "P-10354V-23.12.0-23.12.3", "P-5322V-2.9.0.0.0", "P-9464V-12.2.1.4.0", "P-9178V-2.12.0.0.0", "P-5322V-5.0.0.0", "P-13676V-19.2.0.0.0", "P-12605V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-10605V-19.12.0-19.12.18", "P-10605V-21.12.0-21.12.11", "P-14119V-23.2.0", "P-10605V-20.12.0-20.12.13", "P-14119V-23.1.0", "P-11052V-9.0.0-9.0.2", "P-10354V-20.12.0-20.12.16", "P-5322V-3.0.0.0.0", "P-12605V-19.2.0.0.0", "P-5242V-14.1.1.0.0", "P-5322V-2.8.0.0.0", "P-10354V-22.12.0-22.12.12", "P-10354V-21.12.0-21.12.17", "P-14119V-22.4.0", "P-4516V-7.4.0-7.4.2", "P-14277V-23.4.0-23.4.2", "P-12605V-22.2.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2024-04-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-12753V-Prior to 12.2.0.1.42" ] } ] } ] }