{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright © Oracle. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp" } }, "publisher": { "category": "vendor", "name": "Oracle", "namespace": "https://www.oracle.com" }, "references": [ { "summary": "URL to html version of Advisory", "url": "https://www.oracle.com/security-alerts/cpuapr2025.html" }, { "category": "self", "summary": "URL to CSAF version of Advisory", "url": "https://www.oracle.com/docs/tech/security-alerts/cpuapr2025csaf.json" } ], "title": "Oracle Critical Patch Update Advisory - April 2025 - Oracle CSAF", "tracking": { "current_release_date": "2025-04-21T13:00:00-07:00", "id": "CPUApr2025csaf", "initial_release_date": "2025-04-15T13:00:00-07:00", "revision_history": [ { "date": "2025-04-15T13:00:00-07:00", "number": "1", "summary": "Initial Release" }, { "date": "2025-04-21T13:00:00-07:00", "number": "2", "summary": "Java CVE, PAD and DB Fleet product chanegs" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle BI Publisher Version 12.2.1.4.0", "product": { "name": "Oracle BI Publisher Version 12.2.1.4.0", "product_id": "P-1479V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle BI Publisher Version 7.6.0.0.0", "product": { "name": "Oracle BI Publisher Version 7.6.0.0.0", "product_id": "P-1479V-7.6.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle BI Publisher" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 12.2.1.4.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 12.2.1.4.0", "product_id": "P-2025V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*" } } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 7.6.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 7.6.0.0.0", "product_id": "P-2025V-7.6.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*" } } } ], "category": "product_name", "name": "Oracle Business Intelligence Enterprise Edition" } ], "category": "product_family", "name": "Oracle Analytics" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Application Express Version 23.2.15", "product": { "name": "Oracle Application Express Version 23.2.15", "product_id": "P-1348V-23.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:23.2.15:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Application Express Version 23.2.16", "product": { "name": "Oracle Application Express Version 23.2.16", "product_id": "P-1348V-23.2.16", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:23.2.16:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Application Express Version 24.1.10", "product": { "name": "Oracle Application Express Version 24.1.10", "product_id": "P-1348V-24.1.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:24.1.10:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Application Express Version 24.1.9", "product": { "name": "Oracle Application Express Version 24.1.9", "product_id": "P-1348V-24.1.9", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:24.1.9:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Application Express Version 24.2.3", "product": { "name": "Oracle Application Express Version 24.2.3", "product_id": "P-1348V-24.2.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:24.2.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Application Express Version 24.2.4", "product": { "name": "Oracle Application Express Version 24.2.4", "product_id": "P-1348V-24.2.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:24.2.4:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Application Express" } ], "category": "product_family", "name": "Oracle Application Express" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Autonomous Health Framework Version 23.8.0-23.11.0", "product": { "name": "Autonomous Health Framework Version 23.8.0-23.11.0", "product_id": "P-14634V-23.8.0-23.11.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Autonomous Health Framework Version 24.1.0-24.11.0", "product": { "name": "Autonomous Health Framework Version 24.1.0-24.11.0", "product_id": "P-14634V-24.1.0-24.11.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Autonomous Health Framework Version 25.1.0", "product": { "name": "Autonomous Health Framework Version 25.1.0", "product_id": "P-14634V-25.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Autonomous Health Framework Version 25.2.0", "product": { "name": "Autonomous Health Framework Version 25.2.0", "product_id": "P-14634V-25.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Autonomous Health Framework" } ], "category": "product_family", "name": "Oracle Autonomous Health Framework" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Commerce Guided Search Version 11.3.2", "product": { "name": "Oracle Commerce Guided Search Version 11.3.2", "product_id": "P-9633V-11.3.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Commerce Guided Search Version 11.4.0", "product": { "name": "Oracle Commerce Guided Search Version 11.4.0", "product_id": "P-9633V-11.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_guided_search:11.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Commerce Guided Search" }, { "branches": [ { "category": "product_version", "name": "Oracle Commerce Merchandising Version 11.3.0", "product": { "name": "Oracle Commerce Merchandising Version 11.3.0", "product_id": "P-9349V-11.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_merchandising:11.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Commerce Merchandising Version 11.3.1", "product": { "name": "Oracle Commerce Merchandising Version 11.3.1", "product_id": "P-9349V-11.3.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_merchandising:11.3.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Commerce Merchandising Version 11.3.2", "product": { "name": "Oracle Commerce Merchandising Version 11.3.2", "product_id": "P-9349V-11.3.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_merchandising:11.3.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Commerce Merchandising" }, { "branches": [ { "category": "product_version", "name": "Oracle Commerce Platform Version 11.3.0", "product": { "name": "Oracle Commerce Platform Version 11.3.0", "product_id": "P-9348V-11.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Commerce Platform Version 11.3.1", "product": { "name": "Oracle Commerce Platform Version 11.3.1", "product_id": "P-9348V-11.3.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Commerce Platform Version 11.3.2", "product": { "name": "Oracle Commerce Platform Version 11.3.2", "product_id": "P-9348V-11.3.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Commerce Platform Version 11.4.0", "product": { "name": "Oracle Commerce Platform Version 11.4.0", "product_id": "P-9348V-11.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_platform:11.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Commerce Platform" } ], "category": "product_family", "name": "Oracle Commerce" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Management Cloud Engine Version 24.3.0", "product": { "name": "Management Cloud Engine Version 24.3.0", "product_id": "P-14252V-24.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:management_cloud_engine:24.3.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Management Cloud Engine" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Binding Support Function Version 24.2.0-24.2.2", "product": { "name": "Oracle Communications Cloud Native Core Binding Support Function Version 24.2.0-24.2.2", "product_id": "P-14121V-24.2.0-24.2.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0-24.2.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Binding Support Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Certificate Management Version 24.2.2", "product": { "name": "Oracle Communications Cloud Native Core Certificate Management Version 24.2.2", "product_id": "P-14868V-24.2.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Certificate Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Console Version 24.2.2", "product": { "name": "Oracle Communications Cloud Native Core Console Version 24.2.2", "product_id": "P-14250V-24.2.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Console" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core DBTier Version 24.2.3", "product": { "name": "Oracle Communications Cloud Native Core DBTier Version 24.2.3", "product_id": "P-14974V-24.2.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core DBTier Version 24.2.4", "product": { "name": "Oracle Communications Cloud Native Core DBTier Version 24.2.4", "product_id": "P-14974V-24.2.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.4:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core DBTier Version 24.3.0", "product": { "name": "Oracle Communications Cloud Native Core DBTier Version 24.3.0", "product_id": "P-14974V-24.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.3.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core DBTier" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Data Analytics Function Version 24.2.0", "product": { "name": "Oracle Communications Cloud Native Core Network Data Analytics Function Version 24.2.0", "product_id": "P-14489V-24.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Data Analytics Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 24.2.5", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 24.2.5", "product_id": "P-14125V-24.2.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.2.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 25.1.100", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 25.1.100", "product_id": "P-14125V-25.1.100", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:25.1.100:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 24.2.3", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 24.2.3", "product_id": "P-14118V-24.2.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.3:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Repository Function" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Policy Version 24.2.0-24.2.4", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 24.2.0-24.2.4", "product_id": "P-14277V-24.2.0-24.2.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Policy Version 24.2.1-24.2.4", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 24.2.1-24.2.4", "product_id": "P-14277V-24.2.1-24.2.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.1-24.2.4:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Policy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 24.2.2", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 24.2.2", "product_id": "P-14123V-24.2.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 24.2.3", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 24.2.3", "product_id": "P-14123V-24.2.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 24.3.0", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 24.3.0", "product_id": "P-14123V-24.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.3.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 24.2.0", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 24.2.0", "product_id": "P-14117V-24.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 24.2.3", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 24.2.3", "product_id": "P-14117V-24.2.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 24.3.0", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 24.3.0", "product_id": "P-14117V-24.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 25.1.100", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 25.1.100", "product_id": "P-14117V-25.1.100", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:25.1.100:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Service Communication Proxy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 22.4.0", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 22.4.0", "product_id": "P-14119V-22.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.1.0-23.4.0", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.1.0-23.4.0", "product_id": "P-14119V-23.1.0-23.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0-23.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 24.2.3", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 24.2.3", "product_id": "P-14119V-24.2.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 25.1.100", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 25.1.100", "product_id": "P-14119V-25.1.100", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:25.1.100:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Unified Data Repository" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Diameter Signaling Router Version 9.0.0.0", "product": { "name": "Oracle Communications Diameter Signaling Router Version 9.0.0.0", "product_id": "P-10899V-9.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Diameter Signaling Router" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications EAGLE Element Management System Version 46.6", "product": { "name": "Oracle Communications EAGLE Element Management System Version 46.6", "product_id": "P-11125V-46.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications EAGLE Element Management System" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Element Manager Version 9.0.0", "product": { "name": "Oracle Communications Element Manager Version 9.0.0", "product_id": "P-11052V-9.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Element Manager Version 9.0.0-9.0.3", "product": { "name": "Oracle Communications Element Manager Version 9.0.0-9.0.3", "product_id": "P-11052V-9.0.0-9.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.0-9.0.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Element Manager Version 9.0.1", "product": { "name": "Oracle Communications Element Manager Version 9.0.1", "product_id": "P-11052V-9.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Element Manager Version 9.0.2", "product": { "name": "Oracle Communications Element Manager Version 9.0.2", "product_id": "P-11052V-9.0.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Element Manager Version 9.0.3", "product": { "name": "Oracle Communications Element Manager Version 9.0.3", "product_id": "P-11052V-9.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.3:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Element Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director Version 24.1.0", "product": { "name": "Oracle Communications Network Analytics Data Director Version 24.1.0", "product_id": "P-14547V-24.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Network Analytics Data Director Version 24.1.0-24.3.0", "product": { "name": "Oracle Communications Network Analytics Data Director Version 24.1.0-24.3.0", "product_id": "P-14547V-24.1.0-24.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0-24.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director Version 24.2.0", "product": { "name": "Oracle Communications Network Analytics Data Director Version 24.2.0", "product_id": "P-14547V-24.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director Version 24.3.0", "product": { "name": "Oracle Communications Network Analytics Data Director Version 24.3.0", "product_id": "P-14547V-24.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.3.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Network Analytics Data Director" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Operations Monitor Version 5.2", "product": { "name": "Oracle Communications Operations Monitor Version 5.2", "product_id": "P-10761V-5.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Operations Monitor" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Policy Management Version 15.0.0.0.0", "product": { "name": "Oracle Communications Policy Management Version 15.0.0.0.0", "product_id": "P-10900V-15.0.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Policy Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Session Border Controller Version 10.0.0", "product": { "name": "Oracle Communications Session Border Controller Version 10.0.0", "product_id": "P-10750V-10.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:10.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Session Border Controller Version 9.2.0", "product": { "name": "Oracle Communications Session Border Controller Version 9.2.0", "product_id": "P-10750V-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Session Border Controller Version 9.3.0", "product": { "name": "Oracle Communications Session Border Controller Version 9.3.0", "product_id": "P-10750V-9.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Session Border Controller" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Session Report Manager Version 9.0.0", "product": { "name": "Oracle Communications Session Report Manager Version 9.0.0", "product_id": "P-10770V-9.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Session Report Manager Version 9.0.0-9.0.3", "product": { "name": "Oracle Communications Session Report Manager Version 9.0.0-9.0.3", "product_id": "P-10770V-9.0.0-9.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0-9.0.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Session Report Manager Version 9.0.1", "product": { "name": "Oracle Communications Session Report Manager Version 9.0.1", "product_id": "P-10770V-9.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Session Report Manager Version 9.0.2", "product": { "name": "Oracle Communications Session Report Manager Version 9.0.2", "product_id": "P-10770V-9.0.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Session Report Manager Version 9.0.3", "product": { "name": "Oracle Communications Session Report Manager Version 9.0.3", "product_id": "P-10770V-9.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.3:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Session Report Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications User Data Repository Version 14.0.0", "product": { "name": "Oracle Communications User Data Repository Version 14.0.0", "product_id": "P-11108V-14.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications User Data Repository Version 15.0.0", "product": { "name": "Oracle Communications User Data Repository Version 15.0.0", "product_id": "P-11108V-15.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:15.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications User Data Repository Version 15.0.1", "product": { "name": "Oracle Communications User Data Repository Version 15.0.1", "product_id": "P-11108V-15.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:15.0.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications User Data Repository Version 15.0.2", "product": { "name": "Oracle Communications User Data Repository Version 15.0.2", "product_id": "P-11108V-15.0.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:15.0.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications User Data Repository" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Communications Broker Version 4.1.0", "product": { "name": "Oracle Enterprise Communications Broker Version 4.1.0", "product_id": "P-10758V-4.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_communications_broker:4.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Enterprise Communications Broker Version 4.2.0", "product": { "name": "Oracle Enterprise Communications Broker Version 4.2.0", "product_id": "P-10758V-4.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_communications_broker:4.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Enterprise Communications Broker" }, { "branches": [ { "category": "product_version", "name": "Oracle SD-WAN Aware Version 9.0.1.11", "product": { "name": "Oracle SD-WAN Aware Version 9.0.1.11", "product_id": "P-13941V-9.0.1.11", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:sd-wan_aware:9.0.1.11:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle SD-WAN Aware" }, { "branches": [ { "category": "product_version", "name": "Oracle SD-WAN Edge Version 9.1.1.9", "product": { "name": "Oracle SD-WAN Edge Version 9.1.1.9", "product_id": "P-13940V-9.1.1.9", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:sd-wan_edge:9.1.1.9:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle SD-WAN Edge" } ], "category": "product_family", "name": "Oracle Communications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Billing and Revenue Management(Platform) Version 12.0.0.4.0-12.0.0.8.0", "product": { "name": "Oracle Communications Billing and Revenue Management(Platform) Version 12.0.0.4.0-12.0.0.8.0", "product_id": "P-2136(Platform)V-12.0.0.4.0-12.0.0.8.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4.0-12.0.0.8.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Billing and Revenue Management(Security) Version 12.0.0.4.0-12.0.0.8.0", "product": { "name": "Oracle Communications Billing and Revenue Management(Security) Version 12.0.0.4.0-12.0.0.8.0", "product_id": "P-2136(Security)V-12.0.0.4.0-12.0.0.8.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4.0-12.0.0.8.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Billing and Revenue Management(Platform) Version 12.0.0.8.0", "product": { "name": "Oracle Communications Billing and Revenue Management(Platform) Version 12.0.0.8.0", "product_id": "P-2136(Platform)V-12.0.0.8.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.8.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Billing and Revenue Management(Platform) Version 15.0.0.0.0", "product": { "name": "Oracle Communications Billing and Revenue Management(Platform) Version 15.0.0.0.0", "product_id": "P-2136(Platform)V-15.0.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Billing and Revenue Management(Platform) Version 15.0.0.0.0-15.0.1.0.0", "product": { "name": "Oracle Communications Billing and Revenue Management(Platform) Version 15.0.0.0.0-15.0.1.0.0", "product_id": "P-2136(Platform)V-15.0.0.0.0-15.0.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0-15.0.1.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Billing and Revenue Management(Security) Version 15.0.0.0.0-15.0.1.0.0", "product": { "name": "Oracle Communications Billing and Revenue Management(Security) Version 15.0.0.0.0-15.0.1.0.0", "product_id": "P-2136(Security)V-15.0.0.0.0-15.0.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0-15.0.1.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Billing and Revenue Management(Connection Manager) Version 15.0.1.0.0", "product": { "name": "Oracle Communications Billing and Revenue Management(Connection Manager) Version 15.0.1.0.0", "product_id": "P-2136(Connection Manager)V-15.0.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.1.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Billing and Revenue Management(Platform) Version 15.0.1.0.0", "product": { "name": "Oracle Communications Billing and Revenue Management(Platform) Version 15.0.1.0.0", "product_id": "P-2136(Platform)V-15.0.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.1.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Billing and Revenue Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Messaging Server Version 8.1.0.26.0", "product": { "name": "Oracle Communications Messaging Server Version 8.1.0.26.0", "product_id": "P-8496V-8.1.0.26.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.26.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Messaging Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications MetaSolv Solution Version 6.3.1", "product": { "name": "Oracle Communications MetaSolv Solution Version 6.3.1", "product_id": "P-2267V-6.3.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications MetaSolv Solution" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Network Charging and Control Version 12.0.6.0.0", "product": { "name": "Oracle Communications Network Charging and Control Version 12.0.6.0.0", "product_id": "P-4623V-12.0.6.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Network Charging and Control Version 15.0.0.0.0", "product": { "name": "Oracle Communications Network Charging and Control Version 15.0.0.0.0", "product_id": "P-4623V-15.0.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Network Charging and Control Version 15.0.1.0.0", "product": { "name": "Oracle Communications Network Charging and Control Version 15.0.1.0.0", "product_id": "P-4623V-15.0.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.1.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Network Charging and Control" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Network Integrity Version 7.3.6", "product": { "name": "Oracle Communications Network Integrity Version 7.3.6", "product_id": "P-4491V-7.3.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Network Integrity Version 7.4.0", "product": { "name": "Oracle Communications Network Integrity Version 7.4.0", "product_id": "P-4491V-7.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Network Integrity Version 7.5.0", "product": { "name": "Oracle Communications Network Integrity Version 7.5.0", "product_id": "P-4491V-7.5.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.5.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Network Integrity" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Order and Service Management(Security) Version 7.4.0", "product": { "name": "Oracle Communications Order and Service Management(Security) Version 7.4.0", "product_id": "P-2270(Security)V-7.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 7.4.0", "product": { "name": "Oracle Communications Order and Service Management Version 7.4.0", "product_id": "P-2270V-7.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Order and Service Management(Security) Version 7.4.1", "product": { "name": "Oracle Communications Order and Service Management(Security) Version 7.4.1", "product_id": "P-2270(Security)V-7.4.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 7.4.1", "product": { "name": "Oracle Communications Order and Service Management Version 7.4.1", "product_id": "P-2270V-7.4.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Order and Service Management(Security) Version 7.5.0", "product": { "name": "Oracle Communications Order and Service Management(Security) Version 7.5.0", "product_id": "P-2270(Security)V-7.5.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 7.5.0", "product": { "name": "Oracle Communications Order and Service Management Version 7.5.0", "product_id": "P-2270V-7.5.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Order and Service Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Pricing Design Center Version 12.0.0.4.0-12.0.0.8.0", "product": { "name": "Oracle Communications Pricing Design Center Version 12.0.0.4.0-12.0.0.8.0", "product_id": "P-9437V-12.0.0.4.0-12.0.0.8.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0-12.0.0.8.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Pricing Design Center Version 15.0.0.0.0", "product": { "name": "Oracle Communications Pricing Design Center Version 15.0.0.0.0", "product_id": "P-9437V-15.0.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Pricing Design Center Version 15.0.1.0.0", "product": { "name": "Oracle Communications Pricing Design Center Version 15.0.1.0.0", "product_id": "P-9437V-15.0.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.1.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Pricing Design Center" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Service Catalog and Design Version 8.0.0.4.0", "product": { "name": "Oracle Communications Service Catalog and Design Version 8.0.0.4.0", "product_id": "P-2283V-8.0.0.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Service Catalog and Design Version 8.1.0.2.0", "product": { "name": "Oracle Communications Service Catalog and Design Version 8.1.0.2.0", "product_id": "P-2283V-8.1.0.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Service Catalog and Design" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Unified Assurance Version 6.0", "product": { "name": "Oracle Communications Unified Assurance Version 6.0", "product_id": "P-14597V-6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Unified Assurance Version 6.0-6.1", "product": { "name": "Oracle Communications Unified Assurance Version 6.0-6.1", "product_id": "P-14597V-6.0-6.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0-6.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Unified Assurance" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Unified Inventory Management Version 7.4.0-7.4.2", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.0-7.4.2", "product_id": "P-4516V-7.4.0-7.4.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0-7.4.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.4.1", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.1", "product_id": "P-4516V-7.4.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.4.2", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.2", "product_id": "P-4516V-7.4.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.5.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.5.0", "product_id": "P-4516V-7.5.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Unified Inventory Management Version 7.5.0-7.5.1", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.5.0-7.5.1", "product_id": "P-4516V-7.5.0-7.5.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0-7.5.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.5.1", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.5.1", "product_id": "P-4516V-7.5.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.6.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.6.0", "product_id": "P-4516V-7.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.7.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.7.0", "product_id": "P-4516V-7.7.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.7.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Unified Inventory Management" } ], "category": "product_family", "name": "Oracle Communications Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Primavera Gateway Version 20.12.0-20.12.17", "product": { "name": "Primavera Gateway Version 20.12.0-20.12.17", "product_id": "P-10605V-20.12.0-20.12.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_gateway:20.12.0-20.12.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera Gateway Version 21.12.0-21.12.15", "product": { "name": "Primavera Gateway Version 21.12.0-21.12.15", "product_id": "P-10605V-21.12.0-21.12.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_gateway:21.12.0-21.12.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Primavera Gateway" }, { "branches": [ { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.0-22.12.18", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.0-22.12.18", "product_id": "P-5579V-22.12.0-22.12.18", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:22.12.0-22.12.18:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 23.12.0-23.12.13", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 23.12.0-23.12.13", "product_id": "P-5579V-23.12.0-23.12.13", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:23.12.0-23.12.13:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 24.12.0-24.12.2", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 24.12.0-24.12.2", "product_id": "P-5579V-24.12.0-24.12.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:24.12.0-24.12.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Primavera P6 Enterprise Project Portfolio Management" }, { "branches": [ { "category": "product_version_range", "name": "Primavera Unifier Version 20.12.0-20.12.16", "product": { "name": "Primavera Unifier Version 20.12.0-20.12.16", "product_id": "P-10354V-20.12.0-20.12.16", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_unifier:20.12.0-20.12.16:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera Unifier Version 21.12.0-21.12.17", "product": { "name": "Primavera Unifier Version 21.12.0-21.12.17", "product_id": "P-10354V-21.12.0-21.12.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_unifier:21.12.0-21.12.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera Unifier Version 22.12.0-22.12.15", "product": { "name": "Primavera Unifier Version 22.12.0-22.12.15", "product_id": "P-10354V-22.12.0-22.12.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_unifier:22.12.0-22.12.15:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera Unifier Version 23.12.0-23.12.13", "product": { "name": "Primavera Unifier Version 23.12.0-23.12.13", "product_id": "P-10354V-23.12.0-23.12.13", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_unifier:23.12.0-23.12.13:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera Unifier Version 24.12.0-24.12.3", "product": { "name": "Primavera Unifier Version 24.12.0-24.12.3", "product_id": "P-10354V-24.12.0-24.12.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_unifier:24.12.0-24.12.3:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Primavera Unifier" } ], "category": "product_family", "name": "Oracle Construction and Engineering" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Database Server(Fleet Patching and Provisioning) Version 19.3-19.26", "product": { "name": "Oracle Database Server(Fleet Patching and Provisioning) Version 19.3-19.26", "product_id": "P-5(Fleet Patching and Provisioning)V-19.3-19.26", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_fleet_patching_and_provisioning:19.3-19.26:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 19.3-19.26", "product": { "name": "Oracle Database Server(Java VM) Version 19.3-19.26", "product_id": "P-5(Java VM)V-19.3-19.26", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Grid) Version 19.3-19.26", "product": { "name": "Oracle Database Server(Oracle Database Grid) Version 19.3-19.26", "product_id": "P-5(Oracle Database Grid)V-19.3-19.26", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_grid:19.3-19.26:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Perl) Version 19.3-19.26", "product": { "name": "Oracle Database Server(Perl) Version 19.3-19.26", "product_id": "P-5(Perl)V-19.3-19.26", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_perl:19.3-19.26:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(RAS Security) Version 19.3-19.26", "product": { "name": "Oracle Database Server(RAS Security) Version 19.3-19.26", "product_id": "P-5(RAS Security)V-19.3-19.26", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_ras_security:19.3-19.26:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(RDBMS Listener) Version 19.3-19.26", "product": { "name": "Oracle Database Server(RDBMS Listener) Version 19.3-19.26", "product_id": "P-5(RDBMS Listener)V-19.3-19.26", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_rdbms_listener:19.3-19.26:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(XML Database) Version 19.3-19.26", "product": { "name": "Oracle Database Server(XML Database) Version 19.3-19.26", "product_id": "P-5(XML Database)V-19.3-19.26", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_xml_database:19.3-19.26:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Spatial and Graph Mapviewer) Version 19.3-19.26", "product": { "name": "Oracle Database Server(Oracle Spatial and Graph Mapviewer) Version 19.3-19.26", "product_id": "P-619(Oracle Spatial and Graph Mapviewer)V-19.3-19.26", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_e_spatial_and_graph_mapviewer:19.3-19.26:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 21.3-21.17", "product": { "name": "Oracle Database Server(Java VM) Version 21.3-21.17", "product_id": "P-5(Java VM)V-21.3-21.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Grid) Version 21.3-21.17", "product": { "name": "Oracle Database Server(Oracle Database Grid) Version 21.3-21.17", "product_id": "P-5(Oracle Database Grid)V-21.3-21.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_grid:21.3-21.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Workload Manager) Version 21.3-21.17", "product": { "name": "Oracle Database Server(Oracle Database Workload Manager) Version 21.3-21.17", "product_id": "P-5(Oracle Database Workload Manager)V-21.3-21.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_workload_manager:21.3-21.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Perl) Version 21.3-21.17", "product": { "name": "Oracle Database Server(Perl) Version 21.3-21.17", "product_id": "P-5(Perl)V-21.3-21.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_perl:21.3-21.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(RAS Security) Version 21.3-21.17", "product": { "name": "Oracle Database Server(RAS Security) Version 21.3-21.17", "product_id": "P-5(RAS Security)V-21.3-21.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_ras_security:21.3-21.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(RDBMS Listener) Version 21.3-21.17", "product": { "name": "Oracle Database Server(RDBMS Listener) Version 21.3-21.17", "product_id": "P-5(RDBMS Listener)V-21.3-21.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_rdbms_listener:21.3-21.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(XML Database) Version 21.3-21.17", "product": { "name": "Oracle Database Server(XML Database) Version 21.3-21.17", "product_id": "P-5(XML Database)V-21.3-21.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_xml_database:21.3-21.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Spatial and Graph Mapviewer) Version 21.3-21.17", "product": { "name": "Oracle Database Server(Oracle Spatial and Graph Mapviewer) Version 21.3-21.17", "product_id": "P-619(Oracle Spatial and Graph Mapviewer)V-21.3-21.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_e_spatial_and_graph_mapviewer:21.3-21.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 23.4-23.7", "product": { "name": "Oracle Database Server(Java VM) Version 23.4-23.7", "product_id": "P-5(Java VM)V-23.4-23.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database SQLCl) Version 23.4-23.7", "product": { "name": "Oracle Database Server(Oracle Database SQLCl) Version 23.4-23.7", "product_id": "P-5(Oracle Database SQLCl)V-23.4-23.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_sqlcl:23.4-23.7:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database) Version 23.4-23.7", "product": { "name": "Oracle Database Server(Oracle Database) Version 23.4-23.7", "product_id": "P-5(Oracle Database)V-23.4-23.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_:23.4-23.7:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Perl) Version 23.4-23.7", "product": { "name": "Oracle Database Server(Perl) Version 23.4-23.7", "product_id": "P-5(Perl)V-23.4-23.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_perl:23.4-23.7:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(RAS Security) Version 23.4-23.7", "product": { "name": "Oracle Database Server(RAS Security) Version 23.4-23.7", "product_id": "P-5(RAS Security)V-23.4-23.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_ras_security:23.4-23.7:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(RDBMS Listener) Version 23.4-23.7", "product": { "name": "Oracle Database Server(RDBMS Listener) Version 23.4-23.7", "product_id": "P-5(RDBMS Listener)V-23.4-23.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_rdbms_listener:23.4-23.7:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(XML Database) Version 23.4-23.7", "product": { "name": "Oracle Database Server(XML Database) Version 23.4-23.7", "product_id": "P-5(XML Database)V-23.4-23.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_xml_database:23.4-23.7:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Spatial and Graph Mapviewer) Version 23.4-23.7", "product": { "name": "Oracle Database Server(Oracle Spatial and Graph Mapviewer) Version 23.4-23.7", "product_id": "P-619(Oracle Spatial and Graph Mapviewer)V-23.4-23.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_e_spatial_and_graph_mapviewer:23.4-23.7:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Database Server" } ], "category": "product_family", "name": "Oracle Database Server" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Application Object Library Version 12.2.3-12.2.14", "product": { "name": "Oracle Application Object Library Version 12.2.3-12.2.14", "product_id": "P-510V-12.2.3-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_object_library:12.2.3-12.2.14:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Application Object Library Version 12.2.5-12.2.14", "product": { "name": "Oracle Application Object Library Version 12.2.5-12.2.14", "product_id": "P-510V-12.2.5-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_object_library:12.2.5-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Application Object Library" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Applications Framework Version 12.2.3-12.2.14", "product": { "name": "Oracle Applications Framework Version 12.2.3-12.2.14", "product_id": "P-1472V-12.2.3-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:applications_framework:12.2.3-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Applications Framework" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Applications Technology Stack Version 12.2.3-12.2.14", "product": { "name": "Oracle Applications Technology Stack Version 12.2.3-12.2.14", "product_id": "P-1745V-12.2.3-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:applications_technology_stack:12.2.3-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Applications Technology Stack" }, { "branches": [ { "category": "product_version_range", "name": "Oracle CRM Technical Foundation Version 12.2.3-12.2.14", "product": { "name": "Oracle CRM Technical Foundation Version 12.2.3-12.2.14", "product_id": "P-1199V-12.2.3-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:crm_technical_foundation:12.2.3-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle CRM Technical Foundation" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Common Applications Version 12.2.3-12.2.14", "product": { "name": "Oracle Common Applications Version 12.2.3-12.2.14", "product_id": "P-1198V-12.2.3-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:common_applications:12.2.3-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Common Applications" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Configurator Version 12.2.3-12.2.14", "product": { "name": "Oracle Configurator Version 12.2.3-12.2.14", "product_id": "P-31V-12.2.3-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:configurator:12.2.3-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Configurator" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Enterprise Command Center Framework Version ECC:12-13", "product": { "name": "Oracle Enterprise Command Center Framework Version ECC:12-13", "product_id": "P-13788V-ECC:12-13", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_command_center_framework:12-13:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Enterprise Command Center Framework" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Scripting Version 12.2.3-12.2.14", "product": { "name": "Oracle Scripting Version 12.2.3-12.2.14", "product_id": "P-433V-12.2.3-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:scripting:12.2.3-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Scripting" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Teleservice Version 12.2.3-12.2.14", "product": { "name": "Oracle Teleservice Version 12.2.3-12.2.14", "product_id": "P-543V-12.2.3-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:teleservice:12.2.3-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Teleservice" }, { "branches": [ { "category": "product_version_range", "name": "Oracle User Management Version 12.2.4-12.2.14", "product": { "name": "Oracle User Management Version 12.2.4-12.2.14", "product_id": "P-1475V-12.2.4-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:user_management:12.2.4-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle User Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle iStore Version 12.2.3-12.2.14", "product": { "name": "Oracle iStore Version 12.2.3-12.2.14", "product_id": "P-384V-12.2.3-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:istore:12.2.3-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle iStore" }, { "branches": [ { "category": "product_version_range", "name": "Oracle iSupplier Portal Version 12.2.7-12.2.14", "product": { "name": "Oracle iSupplier Portal Version 12.2.7-12.2.14", "product_id": "P-208V-12.2.7-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:isupplier_portal:12.2.7-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle iSupplier Portal" } ], "category": "product_family", "name": "Oracle E-Business Suite" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Application Testing Suite Version 13.3.0.1", "product": { "name": "Oracle Application Testing Suite Version 13.3.0.1", "product_id": "P-4622V-13.3.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Application Testing Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform Version 13.5.0.0.0", "product": { "name": "Oracle Enterprise Manager Base Platform Version 13.5.0.0.0", "product_id": "P-1370V-13.5.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform Version 24.1.0.0.0", "product": { "name": "Oracle Enterprise Manager Base Platform Version 24.1.0.0.0", "product_id": "P-1370V-24.1.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:24.1.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Enterprise Manager Base Platform" } ], "category": "product_family", "name": "Oracle Enterprise Manager" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Essbase Version 21.7.1.0.0", "product": { "name": "Oracle Essbase Version 21.7.1.0.0", "product_id": "P-4379V-21.7.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:essbase:21.7.1.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Essbase" } ], "category": "product_family", "name": "Oracle Essbase" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Banking APIs Version 21.1.0.0.0", "product": { "name": "Oracle Banking APIs Version 21.1.0.0.0", "product_id": "P-13676V-21.1.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Banking APIs Version 22.1.0.0.0", "product": { "name": "Oracle Banking APIs Version 22.1.0.0.0", "product_id": "P-13676V-22.1.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Banking APIs Version 22.2.0.0.0", "product": { "name": "Oracle Banking APIs Version 22.2.0.0.0", "product_id": "P-13676V-22.2.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking APIs" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Corporate Lending Process Management Version 14.5.0.0.0-14.7.0.0.0", "product": { "name": "Oracle Banking Corporate Lending Process Management Version 14.5.0.0.0-14.7.0.0.0", "product_id": "P-13701V-14.5.0.0.0-14.7.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Corporate Lending Process Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Digital Experience Version 21.1.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 21.1.0.0.0", "product_id": "P-12605V-21.1.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 22.1.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 22.1.0.0.0", "product_id": "P-12605V-22.1.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 22.2.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 22.2.0.0.0", "product_id": "P-12605V-22.2.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Digital Experience" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.7.0.7.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.7.0.7.0", "product_id": "P-13304V-14.7.0.7.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Liquidity Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Origination(Maintenance) Version 14.5.0.0.0-14.7.0.0.0", "product": { "name": "Oracle Banking Origination(Maintenance) Version 14.5.0.0.0-14.7.0.0.0", "product_id": "P-14325(Maintenance)V-14.5.0.0.0-14.7.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Banking Origination(Onboarding Batch Processes) Version 14.5.0.0.0-14.7.0.0.0", "product": { "name": "Oracle Banking Origination(Onboarding Batch Processes) Version 14.5.0.0.0-14.7.0.0.0", "product_id": "P-14325(Onboarding Batch Processes)V-14.5.0.0.0-14.7.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Banking Origination Version 14.5.0.0.0-14.7.0.0.0", "product": { "name": "Oracle Banking Origination Version 14.5.0.0.0-14.7.0.0.0", "product_id": "P-14325V-14.5.0.0.0-14.7.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Origination" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.7.8", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.7.8", "product_id": "P-5680V-8.0.7.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.8.6", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.8.6", "product_id": "P-5680V-8.0.8.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.1.4", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.1.4", "product_id": "P-5680V-8.1.1.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.2.5", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.2.5", "product_id": "P-5680V-8.1.2.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Analytical Applications Infrastructure" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.0.8.1", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.0.8.1", "product_id": "P-9190V-8.0.8.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.8", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.8", "product_id": "P-9190V-8.1.2.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.9", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.9", "product_id": "P-9190V-8.1.2.9", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Behavior Detection Platform" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Compliance Studio Version 8.1.2.9", "product": { "name": "Oracle Financial Services Compliance Studio Version 8.1.2.9", "product_id": "P-14392V-8.1.2.9", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Compliance Studio" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Model Management and Governance Version 8.1.2.7.0", "product": { "name": "Oracle Financial Services Model Management and Governance Version 8.1.2.7.0", "product_id": "P-14276V-8.1.2.7.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Model Management and Governance" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Financial Services Revenue Management and Billing Version 2.9.0.0.0-7.0.0.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 2.9.0.0.0-7.0.0.0.0", "product_id": "P-5322V-2.9.0.0.0-7.0.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 5.1.0.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 5.1.0.0.0", "product_id": "P-5322V-5.1.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 6.1.0.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 6.1.0.0.0", "product_id": "P-5322V-6.1.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 7.0.0.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 7.0.0.0.0", "product_id": "P-5322V-7.0.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Revenue Management and Billing" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Version 8.0.8", "product": { "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Version 8.0.8", "product_id": "P-13789V-8.0.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition" } ], "category": "product_family", "name": "Oracle Financial Services Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Hospitality Reporting and Analytics Version 9.1.34-9.1.36", "product": { "name": "Oracle Hospitality Reporting and Analytics Version 9.1.34-9.1.36", "product_id": "P-11599V-9.1.34-9.1.36", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.34-9.1.36:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Hospitality Reporting and Analytics" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Hospitality Simphony Version 19.1-19.7", "product": { "name": "Oracle Hospitality Simphony Version 19.1-19.7", "product_id": "P-11594V-19.1-19.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:hospitality_simphony:19.1-19.7:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Hospitality Simphony" } ], "category": "product_family", "name": "Oracle Food and Beverage Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Access Manager Version 12.2.1.4.0", "product": { "name": "Oracle Access Manager Version 12.2.1.4.0", "product_id": "P-5565V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Access Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Activity Monitoring Version 14.1.2.0.0", "product": { "name": "Oracle Business Activity Monitoring Version 14.1.2.0.0", "product_id": "P-1675V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Business Activity Monitoring" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Process Management Suite Version 12.2.1.4.0", "product": { "name": "Oracle Business Process Management Suite Version 12.2.1.4.0", "product_id": "P-5325V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Business Process Management Suite Version 14.1.2.0.0", "product": { "name": "Oracle Business Process Management Suite Version 14.1.2.0.0", "product_id": "P-5325V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Business Process Management Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Coherence Version 12.2.1.4.0", "product": { "name": "Oracle Coherence Version 12.2.1.4.0", "product_id": "P-2545V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Coherence Version 14.1.1.0.0", "product": { "name": "Oracle Coherence Version 14.1.1.0.0", "product_id": "P-2545V-14.1.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Coherence Version 14.1.2.0.0", "product": { "name": "Oracle Coherence Version 14.1.2.0.0", "product_id": "P-2545V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Coherence" }, { "branches": [ { "category": "product_version", "name": "Oracle Data Integrator Version 12.2.1.4.0", "product": { "name": "Oracle Data Integrator Version 12.2.1.4.0", "product_id": "P-2196V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Data Integrator" }, { "branches": [ { "category": "product_version", "name": "Oracle Fusion Middleware MapViewer Version 12.2.1.4.0", "product": { "name": "Oracle Fusion Middleware MapViewer Version 12.2.1.4.0", "product_id": "P-1215V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Fusion Middleware MapViewer" }, { "branches": [ { "category": "product_version", "name": "Oracle HTTP Server(Core) Version 12.2.1.4.0", "product": { "name": "Oracle HTTP Server(Core) Version 12.2.1.4.0", "product_id": "P-1042(Core)V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle HTTP Server(Mod_Security) Version 12.2.1.4.0", "product": { "name": "Oracle HTTP Server(Mod_Security) Version 12.2.1.4.0", "product_id": "P-1042(Mod_Security)V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle HTTP Server(Core) Version 14.1.2.0.0", "product": { "name": "Oracle HTTP Server(Core) Version 14.1.2.0.0", "product_id": "P-1042(Core)V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle HTTP Server(Mod_Security) Version 14.1.2.0.0", "product": { "name": "Oracle HTTP Server(Mod_Security) Version 14.1.2.0.0", "product_id": "P-1042(Mod_Security)V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle HTTP Server" }, { "branches": [ { "category": "product_version", "name": "Oracle JDeveloper Version 12.2.1.4.0", "product": { "name": "Oracle JDeveloper Version 12.2.1.4.0", "product_id": "P-807V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle JDeveloper" }, { "branches": [ { "category": "product_version", "name": "Oracle Managed File Transfer Version 12.2.1.4.0", "product": { "name": "Oracle Managed File Transfer Version 12.2.1.4.0", "product_id": "P-10198V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Managed File Transfer Version 14.1.2.0.0", "product": { "name": "Oracle Managed File Transfer Version 14.1.2.0.0", "product_id": "P-10198V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Managed File Transfer" }, { "branches": [ { "category": "product_version", "name": "Oracle Outside In Technology Version 8.5.7", "product": { "name": "Oracle Outside In Technology Version 8.5.7", "product_id": "P-2276V-8.5.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Outside In Technology" }, { "branches": [ { "category": "product_version", "name": "Oracle SOA Suite Version 12.2.1.4.0", "product": { "name": "Oracle SOA Suite Version 12.2.1.4.0", "product_id": "P-1162V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle SOA Suite Version 14.1.2.0.0", "product": { "name": "Oracle SOA Suite Version 14.1.2.0.0", "product_id": "P-1162V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle SOA Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Service Bus Version 12.2.1.4.0", "product": { "name": "Oracle Service Bus Version 12.2.1.4.0", "product_id": "P-5308V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Service Bus" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Forms Recognition Version 14.1.1.0.0", "product": { "name": "Oracle WebCenter Forms Recognition Version 14.1.1.0.0", "product_id": "P-5746V-14.1.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle WebCenter Forms Recognition" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Portal Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Portal Version 12.2.1.4.0", "product_id": "P-1696V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle WebCenter Portal" }, { "branches": [ { "category": "product_version", "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product": { "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product_id": "P-5242V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product": { "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product_id": "P-5242V-14.1.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle WebLogic Server" } ], "category": "product_family", "name": "Oracle Fusion Middleware" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "GoldenGate Stream Analytics Version 19.1.0.0.0-19.1.0.0.10", "product": { "name": "GoldenGate Stream Analytics Version 19.1.0.0.0-19.1.0.0.10", "product_id": "P-14015V-19.1.0.0.0-19.1.0.0.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "GoldenGate Stream Analytics" }, { "branches": [ { "category": "product_version_range", "name": "Oracle GoldenGate Version 19.1.0.0.0-19.26.0.0.250219", "product": { "name": "Oracle GoldenGate Version 19.1.0.0.0-19.26.0.0.250219", "product_id": "P-5757V-19.1.0.0.0-19.26.0.0.250219", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle GoldenGate Version 21.3-21.17", "product": { "name": "Oracle GoldenGate Version 21.3-21.17", "product_id": "P-5757V-21.3-21.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle GoldenGate Version 23.4-23.7", "product": { "name": "Oracle GoldenGate Version 23.4-23.7", "product_id": "P-5757V-23.4-23.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.7:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle GoldenGate" }, { "branches": [ { "category": "product_version_range", "name": "Oracle GoldenGate Veridata Version 12.2.1.4.0-12.2.1.4.241210", "product": { "name": "Oracle GoldenGate Veridata Version 12.2.1.4.0-12.2.1.4.241210", "product_id": "P-5758V-12.2.1.4.0-12.2.1.4.241210", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate_veridata:12.2.1.4.0-12.2.1.4.241210:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle GoldenGate Veridata" } ], "category": "product_family", "name": "Oracle GoldenGate" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Graph Server and Client Version 23.4.3", "product": { "name": "Graph Server and Client Version 23.4.3", "product_id": "P-14069V-23.4.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Graph Server and Client Version 23.4.4", "product": { "name": "Graph Server and Client Version 23.4.4", "product_id": "P-14069V-23.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Graph Server and Client Version 24.3.0", "product": { "name": "Graph Server and Client Version 24.3.0", "product_id": "P-14069V-24.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Graph Server and Client Version 24.4.0", "product": { "name": "Graph Server and Client Version 24.4.0", "product_id": "P-14069V-24.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Graph Server and Client" } ], "category": "product_family", "name": "Oracle Graph Server and Client" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 23.2.1", "product": { "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 23.2.1", "product_id": "P-11607V-23.2.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:23.2.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Hospitality Cruise Shipboard Property Management System" } ], "category": "product_family", "name": "Oracle Hospitality Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Financial Reporting Version 11.2.19.0.000", "product": { "name": "Oracle Hyperion Financial Reporting Version 11.2.19.0.000", "product_id": "P-8776V-11.2.19.0.000", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:hyperion_financial_reporting:11.2.19.0.000:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Hyperion Financial Reporting" }, { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Infrastructure Technology Version 11.2.19.0.000", "product": { "name": "Oracle Hyperion Infrastructure Technology Version 11.2.19.0.000", "product_id": "P-4392V-11.2.19.0.000", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.19.0.000:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Hyperion Infrastructure Technology" }, { "branches": [ { "category": "product_version", "name": "Oracle Smart View for Office Version 24.200", "product": { "name": "Oracle Smart View for Office Version 24.200", "product_id": "P-4407V-24.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:smart_view_for_office:24.200:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Smart View for Office" } ], "category": "product_family", "name": "Oracle Hyperion" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Documaker Version 12.7.1.6", "product": { "name": "Oracle Documaker Version 12.7.1.6", "product_id": "P-5477V-12.7.1.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:documaker:12.7.1.6:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Documaker Version 12.7.2.3", "product": { "name": "Oracle Documaker Version 12.7.2.3", "product_id": "P-5477V-12.7.2.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:documaker:12.7.2.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Documaker Version 13.0.0.1", "product": { "name": "Oracle Documaker Version 13.0.0.1", "product_id": "P-5477V-13.0.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:documaker:13.0.0.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Documaker" } ], "category": "product_family", "name": "Oracle Insurance Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "JD Edwards EnterpriseOne Tools Version 9.2.0.0-9.2.9.2", "product": { "name": "JD Edwards EnterpriseOne Tools Version 9.2.0.0-9.2.9.2", "product_id": "P-4781V-9.2.0.0-9.2.9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.0.0-9.2.9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "JD Edwards EnterpriseOne Tools" } ], "category": "product_family", "name": "Oracle JD Edwards" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle GraalVM Enterprise Edition Version 20.3.17", "product": { "name": "Oracle GraalVM Enterprise Edition Version 20.3.17", "product_id": "P-13497V-20.3.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm:20.3.17:*:*:*:enterprise:*:*:*" } } }, { "category": "product_version", "name": "Oracle GraalVM Enterprise Edition Version 21.3.13", "product": { "name": "Oracle GraalVM Enterprise Edition Version 21.3.13", "product_id": "P-13497V-21.3.13", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm:21.3.13:*:*:*:enterprise:*:*:*" } } } ], "category": "product_name", "name": "Oracle GraalVM Enterprise Edition" }, { "branches": [ { "category": "product_version", "name": "Oracle GraalVM for JDK Version 17.0.14", "product": { "name": "Oracle GraalVM for JDK Version 17.0.14", "product_id": "P-13497V-17.0.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.14:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version 21.0.6", "product": { "name": "Oracle GraalVM for JDK Version 21.0.6", "product_id": "P-13497V-21.0.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.6:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version 24", "product": { "name": "Oracle GraalVM for JDK Version 24", "product_id": "P-13497V-24", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:24:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle GraalVM for JDK" }, { "branches": [ { "category": "product_version", "name": "Oracle Java SE Version 11.0.26", "product": { "name": "Oracle Java SE Version 11.0.26", "product_id": "P-856V-11.0.26", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:11.0.26:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 17.0.14", "product": { "name": "Oracle Java SE Version 17.0.14", "product_id": "P-856V-17.0.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:17.0.14:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 21.0.6", "product": { "name": "Oracle Java SE Version 21.0.6", "product_id": "P-856V-21.0.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:21.0.6:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 24", "product": { "name": "Oracle Java SE Version 24", "product_id": "P-856V-24", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:24:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 8u441", "product": { "name": "Oracle Java SE Version 8u441", "product_id": "P-856V-8u441", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:8u441:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 8u441-perf", "product": { "name": "Oracle Java SE Version 8u441-perf", "product_id": "P-856V-8u441-perf", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:8u441:*:*:*:enterprise_performance:*:*:*" } } } ], "category": "product_name", "name": "Oracle Java SE" } ], "category": "product_family", "name": "Oracle Java SE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "MySQL Client(Client: mysqldump) Version 8.0.0-8.0.41", "product": { "name": "MySQL Client(Client: mysqldump) Version 8.0.0-8.0.41", "product_id": "P-8478(Client: mysqldump)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_client:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Client(Client: mysqldump) Version 8.4.0-8.4.4", "product": { "name": "MySQL Client(Client: mysqldump) Version 8.4.0-8.4.4", "product_id": "P-8478(Client: mysqldump)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_client:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Client(Client: mysqldump) Version 9.0.0-9.2.0", "product": { "name": "MySQL Client(Client: mysqldump) Version 9.0.0-9.2.0", "product_id": "P-8478(Client: mysqldump)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_client:9.0.0-9.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Client" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Cluster Version 7.6.0-7.6.33", "product": { "name": "MySQL Cluster Version 7.6.0-7.6.33", "product_id": "P-8479V-7.6.0-7.6.33", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_cluster:7.6.0-7.6.33:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Cluster Version 8.0.0-8.0.41", "product": { "name": "MySQL Cluster Version 8.0.0-8.0.41", "product_id": "P-8479V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_cluster:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Cluster Version 8.4.0-8.4.4", "product": { "name": "MySQL Cluster Version 8.4.0-8.4.4", "product_id": "P-8479V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_cluster:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Cluster Version 9.0.0-9.2.0", "product": { "name": "MySQL Cluster Version 9.0.0-9.2.0", "product_id": "P-8479V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_cluster:9.0.0-9.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Cluster" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Connectors(Connector/J) Version 9.0.0-9.1.0", "product": { "name": "MySQL Connectors(Connector/J) Version 9.0.0-9.1.0", "product_id": "P-8576(Connector/J)V-9.0.0-9.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_connector\\/j:9.0.0-9.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Connectors(Connector/C++) Version 9.0.0-9.2.0", "product": { "name": "MySQL Connectors(Connector/C++) Version 9.0.0-9.2.0", "product_id": "P-8576(Connector/C++)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_connector\\/c\\+\\+:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Connectors(Connector/J) Version 9.0.0-9.2.0", "product": { "name": "MySQL Connectors(Connector/J) Version 9.0.0-9.2.0", "product_id": "P-8576(Connector/J)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_connector\\/j:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Connectors(Connector/ODBC) Version 9.0.0-9.2.0", "product": { "name": "MySQL Connectors(Connector/ODBC) Version 9.0.0-9.2.0", "product_id": "P-8576(Connector/ODBC)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_connector\\/odbc:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Connectors(Connector/Python) Version 9.0.0-9.2.0", "product": { "name": "MySQL Connectors(Connector/Python) Version 9.0.0-9.2.0", "product_id": "P-8576(Connector/Python)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_connector\\/python:9.0.0-9.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Connectors" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Enterprise Backup Version 8.0.0-8.0.41", "product": { "name": "MySQL Enterprise Backup Version 8.0.0-8.0.41", "product_id": "P-4629V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_enterprise_backup:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Enterprise Backup Version 8.4.0-8.4.4", "product": { "name": "MySQL Enterprise Backup Version 8.4.0-8.4.4", "product_id": "P-4629V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_enterprise_backup:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Enterprise Backup Version 9.0.0-9.2.0", "product": { "name": "MySQL Enterprise Backup Version 9.0.0-9.2.0", "product_id": "P-4629V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_enterprise_backup:9.0.0-9.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Enterprise Backup" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Server(InnoDB) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(InnoDB) Version 8.0.0-8.0.41", "product_id": "P-8478(InnoDB)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Components Services) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(Server: Components Services) Version 8.0.0-8.0.41", "product_id": "P-8478(Server: Components Services)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: DDL) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(Server: DDL) Version 8.0.0-8.0.41", "product_id": "P-8478(Server: DDL)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: DML) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(Server: DML) Version 8.0.0-8.0.41", "product_id": "P-8478(Server: DML)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Optimizer) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(Server: Optimizer) Version 8.0.0-8.0.41", "product_id": "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Options) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(Server: Options) Version 8.0.0-8.0.41", "product_id": "P-8478(Server: Options)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: PS) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(Server: PS) Version 8.0.0-8.0.41", "product_id": "P-8478(Server: PS)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Packaging) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(Server: Packaging) Version 8.0.0-8.0.41", "product_id": "P-8478(Server: Packaging)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Parser) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(Server: Parser) Version 8.0.0-8.0.41", "product_id": "P-8478(Server: Parser)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Replication) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(Server: Replication) Version 8.0.0-8.0.41", "product_id": "P-8478(Server: Replication)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Stored Procedure) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(Server: Stored Procedure) Version 8.0.0-8.0.41", "product_id": "P-8478(Server: Stored Procedure)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: UDF) Version 8.0.0-8.0.41", "product": { "name": "MySQL Server(Server: UDF) Version 8.0.0-8.0.41", "product_id": "P-8478(Server: UDF)V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "MySQL Server(Server: DDL) Version 8.4.0", "product": { "name": "MySQL Server(Server: DDL) Version 8.4.0", "product_id": "P-8478(Server: DDL)V-8.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(InnoDB) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(InnoDB) Version 8.4.0-8.4.4", "product_id": "P-8478(InnoDB)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Components Services) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(Server: Components Services) Version 8.4.0-8.4.4", "product_id": "P-8478(Server: Components Services)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: DDL) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(Server: DDL) Version 8.4.0-8.4.4", "product_id": "P-8478(Server: DDL)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: DML) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(Server: DML) Version 8.4.0-8.4.4", "product_id": "P-8478(Server: DML)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Optimizer) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(Server: Optimizer) Version 8.4.0-8.4.4", "product_id": "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Options) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(Server: Options) Version 8.4.0-8.4.4", "product_id": "P-8478(Server: Options)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: PS) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(Server: PS) Version 8.4.0-8.4.4", "product_id": "P-8478(Server: PS)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Packaging) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(Server: Packaging) Version 8.4.0-8.4.4", "product_id": "P-8478(Server: Packaging)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Parser) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(Server: Parser) Version 8.4.0-8.4.4", "product_id": "P-8478(Server: Parser)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Replication) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(Server: Replication) Version 8.4.0-8.4.4", "product_id": "P-8478(Server: Replication)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Stored Procedure) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(Server: Stored Procedure) Version 8.4.0-8.4.4", "product_id": "P-8478(Server: Stored Procedure)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: UDF) Version 8.4.0-8.4.4", "product": { "name": "MySQL Server(Server: UDF) Version 8.4.0-8.4.4", "product_id": "P-8478(Server: UDF)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "MySQL Server(Server: DDL) Version 9.0.0", "product": { "name": "MySQL Server(Server: DDL) Version 9.0.0", "product_id": "P-8478(Server: DDL)V-9.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(InnoDB) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(InnoDB) Version 9.0.0-9.2.0", "product_id": "P-8478(InnoDB)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Components Services) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(Server: Components Services) Version 9.0.0-9.2.0", "product_id": "P-8478(Server: Components Services)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: DDL) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(Server: DDL) Version 9.0.0-9.2.0", "product_id": "P-8478(Server: DDL)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: DML) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(Server: DML) Version 9.0.0-9.2.0", "product_id": "P-8478(Server: DML)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Optimizer) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(Server: Optimizer) Version 9.0.0-9.2.0", "product_id": "P-8478(Server: Optimizer)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Options) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(Server: Options) Version 9.0.0-9.2.0", "product_id": "P-8478(Server: Options)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: PS) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(Server: PS) Version 9.0.0-9.2.0", "product_id": "P-8478(Server: PS)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Packaging) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(Server: Packaging) Version 9.0.0-9.2.0", "product_id": "P-8478(Server: Packaging)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Parser) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(Server: Parser) Version 9.0.0-9.2.0", "product_id": "P-8478(Server: Parser)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Replication) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(Server: Replication) Version 9.0.0-9.2.0", "product_id": "P-8478(Server: Replication)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Stored Procedure) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(Server: Stored Procedure) Version 9.0.0-9.2.0", "product_id": "P-8478(Server: Stored Procedure)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: UDF) Version 9.0.0-9.2.0", "product": { "name": "MySQL Server(Server: UDF) Version 9.0.0-9.2.0", "product_id": "P-8478(Server: UDF)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Server" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Shell(Shell General / Core Client) Version 8.0.32-8.0.41", "product": { "name": "MySQL Shell(Shell General / Core Client) Version 8.0.32-8.0.41", "product_id": "P-8478(Shell General / Core Client)V-8.0.32-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_shell:8.0.32-8.0.41:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Shell(Shell General / Core Client) Version 8.4.0-8.4.4", "product": { "name": "MySQL Shell(Shell General / Core Client) Version 8.4.0-8.4.4", "product_id": "P-8478(Shell General / Core Client)V-8.4.0-8.4.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_shell:8.4.0-8.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Shell(Shell General / Core Client) Version 9.0.0-9.2.0", "product": { "name": "MySQL Shell(Shell General / Core Client) Version 9.0.0-9.2.0", "product_id": "P-8478(Shell General / Core Client)V-9.0.0-9.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_shell:9.0.0-9.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Shell" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Workbench Version 8.0.0-8.0.41", "product": { "name": "MySQL Workbench Version 8.0.0-8.0.41", "product_id": "P-4627V-8.0.0-8.0.41", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_workbench:8.0.0-8.0.41:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Workbench" } ], "category": "product_family", "name": "Oracle MySQL" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle NoSQL Database Version 1.5.0", "product": { "name": "Oracle NoSQL Database Version 1.5.0", "product_id": "P-13373V-1.5.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle NoSQL Database Version 1.6.0", "product": { "name": "Oracle NoSQL Database Version 1.6.0", "product_id": "P-13373V-1.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:nosql_database:1.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle NoSQL Database Version 1.6.1", "product": { "name": "Oracle NoSQL Database Version 1.6.1", "product_id": "P-13373V-1.6.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:nosql_database:1.6.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle NoSQL Database" } ], "category": "product_family", "name": "Oracle NoSQL Database" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise CC Common Application Objects Version 9.2", "product": { "name": "PeopleSoft Enterprise CC Common Application Objects Version 9.2", "product_id": "P-8911V-9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_cc_common_application_objects:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise CC Common Application Objects" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise HCM Talent Acquisition Manager Version 9.2", "product": { "name": "PeopleSoft Enterprise HCM Talent Acquisition Manager Version 9.2", "product_id": "P-5078V-9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_talent_acquisition_manager:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise HCM Talent Acquisition Manager" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.60", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.60", "product_id": "P-5085V-8.60", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.61", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.61", "product_id": "P-5085V-8.61", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.62", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.62", "product_id": "P-5085V-8.62", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.62:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise PeopleTools" } ], "category": "product_family", "name": "Oracle PeopleSoft" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Policy Automation Version 12.2.0-12.2.36", "product": { "name": "Oracle Policy Automation Version 12.2.0-12.2.36", "product_id": "P-5624V-12.2.0-12.2.36", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:policy_automation:12.2.0-12.2.36:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Policy Automation" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Policy Modeling Version 12.2.0-12.2.36", "product": { "name": "Oracle Policy Modeling Version 12.2.0-12.2.36", "product_id": "P-5623V-12.2.0-12.2.36", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:policy_modeling:12.2.0-12.2.36:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Policy Modeling" } ], "category": "product_family", "name": "Oracle Policy Automation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle REST Data Services Version 23.1", "product": { "name": "Oracle REST Data Services Version 23.1", "product_id": "P-9456V-23.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:23.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 23.2", "product": { "name": "Oracle REST Data Services Version 23.2", "product_id": "P-9456V-23.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:23.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 23.3", "product": { "name": "Oracle REST Data Services Version 23.3", "product_id": "P-9456V-23.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:23.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 23.4", "product": { "name": "Oracle REST Data Services Version 23.4", "product_id": "P-9456V-23.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:23.4:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle REST Data Services" } ], "category": "product_family", "name": "Oracle REST Data Services" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Retail Order Broker Version 19.1", "product": { "name": "Oracle Retail Order Broker Version 19.1", "product_id": "P-11554V-19.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Order Broker" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Store Inventory Management Version 16.0.3.16", "product": { "name": "Oracle Retail Store Inventory Management Version 16.0.3.16", "product_id": "P-1838V-16.0.3.16", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.16:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Store Inventory Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 19.0.6", "product": { "name": "Oracle Retail Xstore Point of Service Version 19.0.6", "product_id": "P-11513V-19.0.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.6:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 20.0.5", "product": { "name": "Oracle Retail Xstore Point of Service Version 20.0.5", "product_id": "P-11513V-20.0.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 21.0.4", "product": { "name": "Oracle Retail Xstore Point of Service Version 21.0.4", "product_id": "P-11513V-21.0.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.4:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 22.0.2", "product": { "name": "Oracle Retail Xstore Point of Service Version 22.0.2", "product_id": "P-11513V-22.0.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:22.0.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 23.0.2", "product": { "name": "Oracle Retail Xstore Point of Service Version 23.0.2", "product_id": "P-11513V-23.0.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:23.0.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 24.0.1", "product": { "name": "Oracle Retail Xstore Point of Service Version 24.0.1", "product_id": "P-11513V-24.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:24.0.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Xstore Point of Service" } ], "category": "product_family", "name": "Oracle Retail Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle SQL Developer Version 24.3.1.347.1826", "product": { "name": "Oracle SQL Developer Version 24.3.1.347.1826", "product_id": "P-1875V-24.3.1.347.1826", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:sql_developer:24.3.1.347.1826:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle SQL Developer" } ], "category": "product_family", "name": "Oracle SQL Developer" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Secure Backup Version 12.1.0.1", "product": { "name": "Oracle Secure Backup Version 12.1.0.1", "product_id": "P-1522V-12.1.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Secure Backup Version 12.1.0.2", "product": { "name": "Oracle Secure Backup Version 12.1.0.2", "product_id": "P-1522V-12.1.0.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Secure Backup Version 12.1.0.3", "product": { "name": "Oracle Secure Backup Version 12.1.0.3", "product_id": "P-1522V-12.1.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Secure Backup Version 18.1.0.0", "product": { "name": "Oracle Secure Backup Version 18.1.0.0", "product_id": "P-1522V-18.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Secure Backup Version 18.1.0.1", "product": { "name": "Oracle Secure Backup Version 18.1.0.1", "product_id": "P-1522V-18.1.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Secure Backup Version 18.1.0.2", "product": { "name": "Oracle Secure Backup Version 18.1.0.2", "product_id": "P-1522V-18.1.0.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Secure Backup Version 19.1.0.0", "product": { "name": "Oracle Secure Backup Version 19.1.0.0", "product_id": "P-1522V-19.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:secure_backup:19.1.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Secure Backup" } ], "category": "product_family", "name": "Oracle Secure Backup" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Siebel CRM Cloud Applications Version 17.0-24.11", "product": { "name": "Siebel CRM Cloud Applications Version 17.0-24.11", "product_id": "P-14107V-17.0-24.11", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_cloud_applications:17.0-24.11:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Siebel CRM Cloud Applications Version 17.0-24.12", "product": { "name": "Siebel CRM Cloud Applications Version 17.0-24.12", "product_id": "P-14107V-17.0-24.12", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_cloud_applications:17.0-24.12:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Siebel CRM Cloud Applications" }, { "branches": [ { "category": "product_version_range", "name": "Siebel CRM Deployment Version 17.0-25.2", "product": { "name": "Siebel CRM Deployment Version 17.0-25.2", "product_id": "P-9019V-17.0-25.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_deployment:17.0-25.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Siebel CRM Deployment" }, { "branches": [ { "category": "product_version_range", "name": "Siebel CRM End User Version 24.7-25.2", "product": { "name": "Siebel CRM End User Version 24.7-25.2", "product_id": "P-9011V-24.7-25.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_end_user:24.7-25.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Siebel CRM End User" } ], "category": "product_family", "name": "Oracle Siebel CRM" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Agile Engineering Data Management Version 6.2.1", "product": { "name": "Oracle Agile Engineering Data Management Version 6.2.1", "product_id": "P-4436V-6.2.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Agile Engineering Data Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Demantra Demand Management Version 12.2.6-12.2.14", "product": { "name": "Oracle Demantra Demand Management Version 12.2.6-12.2.14", "product_id": "P-2100V-12.2.6-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:demantra_demand_management:12.2.6-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Demantra Demand Management" } ], "category": "product_family", "name": "Oracle Supply Chain" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "OSS Support Tools(Services Tools Bundle) Version 18.1-18.4", "product": { "name": "OSS Support Tools(Services Tools Bundle) Version 18.1-18.4", "product_id": "P-1330(Services Tools Bundle)V-18.1-18.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:oss_support_tools:18.1-18.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "OSS Support Tools(Services Tools Bundle) Version 19.1-19.4", "product": { "name": "OSS Support Tools(Services Tools Bundle) Version 19.1-19.4", "product_id": "P-1330(Services Tools Bundle)V-19.1-19.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:oss_support_tools:19.1-19.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "OSS Support Tools(Diagnostic Assistant) Version 2.11.0-2.12.46", "product": { "name": "OSS Support Tools(Diagnostic Assistant) Version 2.11.0-2.12.46", "product_id": "P-1330(Diagnostic Assistant)V-2.11.0-2.12.46", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:oss_support_tools:2.11.0-2.12.46:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "OSS Support Tools(Services Tools Bundle) Version 20.1-20.4", "product": { "name": "OSS Support Tools(Services Tools Bundle) Version 20.1-20.4", "product_id": "P-1330(Services Tools Bundle)V-20.1-20.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:oss_support_tools:20.1-20.4:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "OSS Support Tools(Services Tools Bundle) Version 22.2", "product": { "name": "OSS Support Tools(Services Tools Bundle) Version 22.2", "product_id": "P-1330(Services Tools Bundle)V-22.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:oss_support_tools:22.2:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "OSS Support Tools(Services Tools Bundle) Version 23.1-23.4", "product": { "name": "OSS Support Tools(Services Tools Bundle) Version 23.1-23.4", "product_id": "P-1330(Services Tools Bundle)V-23.1-23.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:oss_support_tools:23.1-23.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "OSS Support Tools(Services Tools Bundle) Version 24.1-24.4", "product": { "name": "OSS Support Tools(Services Tools Bundle) Version 24.1-24.4", "product_id": "P-1330(Services Tools Bundle)V-24.1-24.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:oss_support_tools:24.1-24.4:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "OSS Support Tools(Services Tools Bundle) Version 25.1", "product": { "name": "OSS Support Tools(Services Tools Bundle) Version 25.1", "product_id": "P-1330(Services Tools Bundle)V-25.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:oss_support_tools:25.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "OSS Support Tools(Services Tools Bundle) Version 8.00-8.18", "product": { "name": "OSS Support Tools(Services Tools Bundle) Version 8.00-8.18", "product_id": "P-1330(Services Tools Bundle)V-8.00-8.18", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:oss_support_tools:8.00-8.18:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "OSS Support Tools" } ], "category": "product_family", "name": "Oracle Support Tools" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Solaris Version 11", "product": { "name": "Oracle Solaris Version 11", "product_id": "P-10006V-11", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:solaris:11:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Solaris" } ], "category": "product_family", "name": "Oracle Systems" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle TimesTen In-Memory Database Version 22.1.1.1.0-22.1.1.30.0", "product": { "name": "Oracle TimesTen In-Memory Database Version 22.1.1.1.0-22.1.1.30.0", "product_id": "P-1870V-22.1.1.1.0-22.1.1.30.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle TimesTen In-Memory Database" } ], "category": "product_family", "name": "Oracle TimesTen In-Memory Database" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Utilities Application Framework Version 24.1.0.0.0-24.3.0.0.0", "product": { "name": "Oracle Utilities Application Framework Version 24.1.0.0.0-24.3.0.0.0", "product_id": "P-2245V-24.1.0.0.0-24.3.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:24.1.0.0.0-24.3.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Utilities Application Framework Version 4.3.0.3.0-4.3.0.6.0", "product": { "name": "Oracle Utilities Application Framework Version 4.3.0.3.0-4.3.0.6.0", "product_id": "P-2245V-4.3.0.3.0-4.3.0.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:4.3.0.3.0-4.3.0.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.0.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.0.0", "product_id": "P-2245V-4.4.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:4.4.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.2.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.2.0", "product_id": "P-2245V-4.4.0.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:4.4.0.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.3.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.3.0", "product_id": "P-2245V-4.4.0.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:4.4.0.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.5.0.0.0", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.0.0", "product_id": "P-2245V-4.5.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:4.5.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.5.0.1.1", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.1.1", "product_id": "P-2245V-4.5.0.1.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:4.5.0.1.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.5.0.1.3", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.1.3", "product_id": "P-2245V-4.5.0.1.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:4.5.0.1.3:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Utilities Application Framework" } ], "category": "product_family", "name": "Oracle Utilities Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle VM VirtualBox Version 7.1.6", "product": { "name": "Oracle VM VirtualBox Version 7.1.6", "product_id": "P-8370V-7.1.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:vm_virtualbox:7.1.6:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle VM VirtualBox" } ], "category": "product_family", "name": "Oracle Virtualization" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-1000027", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36462571" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Spring Framework)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ] }, { "cve": "CVE-2020-11996", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2020-13935", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2020-13936", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "36215960" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Velocity Engine)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-13943", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2020-1935", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2020-1938", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2020-25649", "ids": [ { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37581691" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10198V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-10198V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-36518", "ids": [ { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37581691" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10198V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-10198V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-36843", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37707154" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Database SQLCl (EdDSA) component of Oracle Database Server. Supported versions that are affected are 23.4-23.7. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Database SQLCl (EdDSA) executes to compromise Oracle Database SQLCl (EdDSA). While the vulnerability is in Oracle Database SQLCl (EdDSA), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database SQLCl (EdDSA) accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Oracle Database SQLCl)V-23.4-23.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database SQLCl)V-23.4-23.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database SQLCl)V-23.4-23.7" ] } ] }, { "cve": "CVE-2020-9484", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2021-23450", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Merchandising", "text": "37544978" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Merchandising product of Oracle Commerce (component: Asset Manager (dojo)). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Merchandising. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Merchandising. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9349V-11.3.2", "P-9349V-11.3.1", "P-9349V-11.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9349V-11.3.2", "P-9349V-11.3.1", "P-9349V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078810.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9349V-11.3.2", "P-9349V-11.3.1", "P-9349V-11.3.0" ] } ] }, { "cve": "CVE-2021-24122", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2021-25122", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2021-25329", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2021-28170", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "37374244" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common Core (Jakarta Expression Language)). The supported version that is affected is 14.7.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13304V-14.7.0.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.7.0.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-13304V-14.7.0.7.0" ] } ] }, { "cve": "CVE-2021-30640", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2021-31684", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "36960014" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen (json-smart)). Supported versions that are affected are 13.5.0.0.0 and 24.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370V-13.5.0.0.0", "P-1370V-24.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-24.1.0.0.0", "P-1370V-13.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070733.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1370V-24.1.0.0.0", "P-1370V-13.5.0.0.0" ] } ] }, { "cve": "CVE-2021-33037", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2021-37714", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37257568" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-41079", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2021-41184", "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate", "text": "37556237" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle GoldenGate (component: Embedded Web UI for Services (jQueryUI)). Supported versions that are affected are 19.1.0.0.0-19.26.0.0.250219 and 21.3-21.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GoldenGate. CVSS 3.1 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5757V-19.1.0.0.0-19.26.0.0.250219", "P-5757V-21.3-21.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5757V-19.1.0.0.0-19.26.0.0.250219", "P-5757V-21.3-21.17" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5757V-19.1.0.0.0-19.26.0.0.250219", "P-5757V-21.3-21.17" ] } ] }, { "cve": "CVE-2021-41973", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37359601" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Apache Mina)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-42575", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.7.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "37570729" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Marketplace (jackson-databind)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-4379V-21.7.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.7.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.7.1.0.0" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.7.1.0.0" ] } ] }, { "cve": "CVE-2021-43980", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2021-46877", "ids": [ { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37581691" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10198V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-10198V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-25762", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2022-34169", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14277V-24.2.1-24.2.4" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "36230239" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Apache Xalan-Java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14277V-24.2.1-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.1-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14277V-24.2.1-24.2.4" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14277V-24.2.1-24.2.4" ] } ] }, { "cve": "CVE-2022-34381", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Store Inventory Management", "text": "36299650" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Core (BSAFE Crypto-J)). The supported version that is affected is 16.0.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Store Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Store Inventory Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1838V-16.0.3.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1838V-16.0.3.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1838V-16.0.3.16" ] } ] }, { "cve": "CVE-2022-36033", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37257568" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-3786", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37618872" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Database (OpenSSL) component of Oracle Database Server. Supported versions that are affected are 23.4-23.7. Easily exploitable vulnerability allows physical access to compromise Oracle Database (OpenSSL). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database (OpenSSL) accessible data as well as unauthorized read access to a subset of Oracle Database (OpenSSL) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database (OpenSSL). CVSS 3.1 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Oracle Database)V-23.4-23.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database)V-23.4-23.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-5(Oracle Database)V-23.4-23.7" ] } ] }, { "cve": "CVE-2022-42003", "ids": [ { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37581691" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10198V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-10198V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-42004", "ids": [ { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37581691" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10198V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-10198V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-42252", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2022-45047", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "36961366" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen (Apache Mina SSHD)). Supported versions that are affected are 13.5.0.0.0 and 24.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370V-13.5.0.0.0", "P-1370V-24.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-24.1.0.0.0", "P-1370V-13.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070733.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1370V-24.1.0.0.0", "P-1370V-13.5.0.0.0" ] } ] }, { "cve": "CVE-2023-1370", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "36960014" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen (json-smart)). Supported versions that are affected are 13.5.0.0.0 and 24.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370V-13.5.0.0.0", "P-1370V-24.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-24.1.0.0.0", "P-1370V-13.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070733.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1370V-24.1.0.0.0", "P-1370V-13.5.0.0.0" ] } ] }, { "cve": "CVE-2023-24998", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Store Inventory Management", "text": "35170913" }, { "system_name": "Oracle Bug ID of Oracle BI Publisher", "text": "37344367" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Core (Apache Commons FileUpload)). The supported version that is affected is 16.0.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Store Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Store Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Development Operations (Apache Commons FileUpload)). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0", "P-1479V-7.6.0.0.0", "P-1838V-16.0.3.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1838V-16.0.3.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-7.6.0.0.0", "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1479V-7.6.0.0.0", "P-1838V-16.0.3.16", "P-1479V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-25399", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "36959755" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pipeline Test Failures (SciPy)). The supported version that is affected is 7.6.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.6.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.6.0.0.0" ] } ] }, { "cve": "CVE-2023-26464", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hospitality Reporting and Analytics", "text": "36250158" }, { "system_name": "Oracle Bug ID of Oracle JDeveloper", "text": "37403987" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation (Apache Log4j)). Supported versions that are affected are 9.1.34-9.1.36. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Generic (Apache Log4j)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle JDeveloper. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11599V-9.1.34-9.1.36", "P-807V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11599V-9.1.34-9.1.36" ], "url": "https://support.oracle.com/rs?type=doc&id=3050828.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-807V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-11599V-9.1.34-9.1.36" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-807V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-28708", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2023-34053", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.10" ] } ], "ids": [ { "system_name": "Oracle Bug ID of GoldenGate Stream Analytics", "text": "36110720" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.10" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.10" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.10" ] } ] }, { "cve": "CVE-2023-35116", "ids": [ { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37581691" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10198V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-10198V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-35887", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "37538396" }, { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36223856" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Mina SSHD)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen (Apache Mina)). Supported versions that are affected are 13.5.0.0.0 and 24.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370V-24.1.0.0.0", "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-1370V-13.5.0.0.0", "P-11513V-21.0.4", "P-11513V-20.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-24.1.0.0.0", "P-1370V-13.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070733.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1370V-24.1.0.0.0", "P-1370V-13.5.0.0.0" ] } ] }, { "cve": "CVE-2023-36479", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36353879" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Eclipse Jetty)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ] }, { "cve": "CVE-2023-37536", "ids": [ { "system_name": "Oracle Bug ID of Oracle Demantra Demand Management", "text": "35955436" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Forecast Engine (Apache Xerces-C++)). Supported versions that are affected are 12.2.6-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in takeover of Oracle Demantra Demand Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2100V-12.2.6-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2100V-12.2.6-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=3078833.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2100V-12.2.6-12.2.14" ] } ] }, { "cve": "CVE-2023-38546", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "36742253" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (libcurl)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-39410", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "37107740" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM Authentication (Apache Avro)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13676V-22.1.0.0.0", "P-13676V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-13676V-22.1.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13676V-22.2.0.0.0", "P-13676V-22.1.0.0.0", "P-13676V-21.1.0.0.0" ] } ] }, { "cve": "CVE-2023-40167", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36353879" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Eclipse Jetty)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ] }, { "cve": "CVE-2023-40743", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hospitality Reporting and Analytics", "text": "36050451" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting (Apache Axis)). Supported versions that are affected are 9.1.34-9.1.36. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11599V-9.1.34-9.1.36" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11599V-9.1.34-9.1.36" ], "url": "https://support.oracle.com/rs?type=doc&id=3050828.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-11599V-9.1.34-9.1.36" ] } ] }, { "cve": "CVE-2023-41080", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2023-42795", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2023-44487", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37275401" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Nimbus JOSE+JWT)). The supported version that is affected is 7.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.6.0.0.0", "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.6.0.0.0", "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2023-45648", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2023-46589", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36110103" }, { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Tomcat)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-11513V-21.0.4", "P-14634V-24.1.0-24.11.0", "P-11513V-20.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2023-48795", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36223856" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Mina SSHD)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ] }, { "cve": "CVE-2023-49582", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-13940V-9.1.1.9" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37524571" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "37524560" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "37524583" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "37524561" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "37524558" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "37524604" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37524554" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition", "text": "37524589" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (Apache Portable Runtime)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Portable Runtime)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Platform (Apache Portable Runtime)). Supported versions that are affected are 8.1.2.8, 8.1.2.9 and 8.0.8.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Behavior Detection Platform executes to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Behavior Detection Platform accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (Apache Portable Runtime)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition executes to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Automated Test Suite Framework (Apache Portable Runtime)). The supported version that is affected is 25.1.100. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Unified Data Repository executes to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (Apache Portable Runtime)). Supported versions that are affected are 24.2.0 and 24.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Service Communication Proxy executes to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite Framework (Apache Portable Runtime)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Security Edge Protection Proxy executes to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (Apache Portable Runtime)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Repository Function executes to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13789V-8.0.8", "P-14117V-24.2.0", "P-14117V-24.3.0", "P-9190V-8.1.2.9", "P-14597V-6.0-6.1", "P-9190V-8.1.2.8", "P-9190V-8.0.8.1", "P-14119V-25.1.100", "P-14118V-24.2.3", "P-14123V-24.2.3" ], "known_not_affected": [ "P-13940V-9.1.1.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3079193.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.1.2.9", "P-9190V-8.1.2.8", "P-9190V-8.0.8.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3078941.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13789V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=3078942.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=3079232.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-24.2.0", "P-14117V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079192.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079228.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13940V-9.1.1.9" ] }, { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13789V-8.0.8", "P-14117V-24.2.0", "P-14117V-24.3.0", "P-9190V-8.1.2.9", "P-14597V-6.0-6.1", "P-9190V-8.1.2.8", "P-9190V-8.0.8.1", "P-14119V-25.1.100", "P-14118V-24.2.3", "P-14123V-24.2.3" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-13940V-9.1.1.9" ] } ] }, { "cve": "CVE-2023-51074", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "37397620" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "37397112" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "37397110" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "37397097" }, { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "37397614" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "37397613" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37397104" }, { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "37397743" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (JsonPath)). The supported version that is affected is 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (JsonPath)). The supported version that is affected is 24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (JsonPath)). Supported versions that are affected are 24.2.0 and 24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (JsonPath)). Supported versions that are affected are 11.3.2 and 11.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Infrastructure (JsonPath)). The supported version that is affected is 7.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Automated Test Suite Framework (JsonPath)). Supported versions that are affected are 24.1.0-24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (JsonPath)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (JsonPath)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-2270V-7.5.0", "P-14123V-24.2.2", "P-4516V-7.5.1", "P-11513V-20.0.5", "P-9633V-11.4.0", "P-9633V-11.3.2", "P-14117V-24.2.0", "P-14117V-24.3.0", "P-14547V-24.1.0-24.3.0", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-14118V-24.2.3", "P-11513V-21.0.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-7.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077292.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079228.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-24.2.0", "P-14117V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079192.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.4.0", "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078810.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077278.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-24.1.0-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079231.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-2270V-7.5.0", "P-14123V-24.2.2", "P-4516V-7.5.1", "P-11513V-20.0.5", "P-9633V-11.4.0", "P-9633V-11.3.2", "P-14117V-24.2.0", "P-14117V-24.3.0", "P-14547V-24.1.0-24.3.0", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-14118V-24.2.3", "P-11513V-21.0.4" ] } ] }, { "cve": "CVE-2023-51441", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hospitality Reporting and Analytics", "text": "36050451" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting (Apache Axis)). Supported versions that are affected are 9.1.34-9.1.36. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11599V-9.1.34-9.1.36" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11599V-9.1.34-9.1.36" ], "url": "https://support.oracle.com/rs?type=doc&id=3050828.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-11599V-9.1.34-9.1.36" ] } ] }, { "cve": "CVE-2023-52428", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "37513922" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37275401" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (Nimbus JOSE+JWT)). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Nimbus JOSE+JWT)). The supported version that is affected is 7.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.6.0.0.0", "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.62" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=3078811.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.6.0.0.0", "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.62" ] } ] }, { "cve": "CVE-2023-5388", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-13940V-9.1.1.9" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37454485" }, { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "37454496" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37454488" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37454499" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "37454498" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37454489" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37454500" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "37454514" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (NSS)). Supported versions that are affected are 24.2.0-24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Binding Support Function accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (NSS)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Repository Function accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (NSS)). The supported version that is affected is 8.1.0.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Messaging Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (NSS)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Automated Test Suite Framework (NSS)). Supported versions that are affected are 24.1.0-24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Network Analytics Data Director accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (NSS)). The supported version that is affected is 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Policy Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (NSS)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (NSS)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-24.2.0-24.2.2", "P-8496V-8.1.0.26.0", "P-14547V-24.1.0-24.3.0", "P-10900V-15.0.0.0.0", "P-14597V-6.0-6.1", "P-14118V-24.2.3", "P-14277V-24.2.0-24.2.4" ], "known_not_affected": [ "P-13940V-9.1.1.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.26.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077282.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-24.1.0-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079231.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3079193.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "P-14121V-24.2.0-24.2.2", "P-8496V-8.1.0.26.0", "P-14547V-24.1.0-24.3.0", "P-10900V-15.0.0.0.0", "P-14597V-6.0-6.1", "P-14118V-24.2.3", "P-14277V-24.2.0-24.2.4" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13940V-9.1.1.9" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-13940V-9.1.1.9" ] } ] }, { "cve": "CVE-2023-5685", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37560906" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (XNIO)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-24.2.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-24.2.3" ] } ] }, { "cve": "CVE-2024-11053", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-619(Oracle Spatial and Graph Mapviewer)V-23.4-23.7", "P-619(Oracle Spatial and Graph Mapviewer)V-19.3-19.26", "P-619(Oracle Spatial and Graph Mapviewer)V-21.3-21.17" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "37389592" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "37389588" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37389579" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37389578" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (curl)). Supported versions that are affected are 6.0-6.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Spatial and Graph Mapviewer (Curl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (curl)). The supported version that is affected is 11.2.19.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Infrastructure Technology accessible data as well as unauthorized access to critical data or complete access to all Oracle Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Mod_Security (curl)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042(Mod_Security)V-12.2.1.4.0", "P-4392V-11.2.19.0.000", "P-14597V-6.0-6.1", "P-1042(Mod_Security)V-14.1.2.0.0" ], "known_not_affected": [ "P-619(Oracle Spatial and Graph Mapviewer)V-21.3-21.17", "P-619(Oracle Spatial and Graph Mapviewer)V-23.4-23.7", "P-619(Oracle Spatial and Graph Mapviewer)V-19.3-19.26" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619(Oracle Spatial and Graph Mapviewer)V-23.4-23.7", "P-619(Oracle Spatial and Graph Mapviewer)V-19.3-19.26", "P-619(Oracle Spatial and Graph Mapviewer)V-21.3-21.17" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.19.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Mod_Security)V-12.2.1.4.0", "P-1042(Mod_Security)V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 3.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-14597V-6.0-6.1" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-619(Oracle Spatial and Graph Mapviewer)V-23.4-23.7", "P-619(Oracle Spatial and Graph Mapviewer)V-19.3-19.26", "P-619(Oracle Spatial and Graph Mapviewer)V-21.3-21.17" ] }, { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-1042(Mod_Security)V-12.2.1.4.0", "P-1042(Mod_Security)V-14.1.2.0.0", "P-4392V-11.2.19.0.000" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-619(Oracle Spatial and Graph Mapviewer)V-23.4-23.7", "P-619(Oracle Spatial and Graph Mapviewer)V-19.3-19.26", "P-619(Oracle Spatial and Graph Mapviewer)V-21.3-21.17" ] } ] }, { "cve": "CVE-2024-11233", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ] }, { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-13941V-9.0.1.11" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle SD-WAN Aware", "text": "37561236" }, { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "37561224" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle SD-WAN Aware product of Oracle Communications (component: Internal Tools (PHP)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1522V-19.1.0.0", "P-13941V-9.0.1.11", "P-1522V-18.1.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13941V-9.0.1.11" ], "url": "https://support.oracle.com/rs?type=doc&id=3079194.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13941V-9.0.1.11", "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ] }, { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-13941V-9.0.1.11" ] } ] }, { "cve": "CVE-2024-11234", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ] }, { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-13941V-9.0.1.11" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle SD-WAN Aware", "text": "37561236" }, { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "37561224" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle SD-WAN Aware product of Oracle Communications (component: Internal Tools (PHP)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1522V-19.1.0.0", "P-13941V-9.0.1.11", "P-1522V-18.1.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13941V-9.0.1.11" ], "url": "https://support.oracle.com/rs?type=doc&id=3079194.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13941V-9.0.1.11", "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ] }, { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-13941V-9.0.1.11" ] } ] }, { "cve": "CVE-2024-11236", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ] }, { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-13941V-9.0.1.11" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle SD-WAN Aware", "text": "37561236" }, { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "37561224" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle SD-WAN Aware product of Oracle Communications (component: Internal Tools (PHP)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1522V-19.1.0.0", "P-13941V-9.0.1.11", "P-1522V-18.1.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13941V-9.0.1.11" ], "url": "https://support.oracle.com/rs?type=doc&id=3079194.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13941V-9.0.1.11", "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1522V-19.1.0.0", "P-1522V-18.1.0.1" ] }, { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-13941V-9.0.1.11" ] } ] }, { "cve": "CVE-2024-1135", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37693435" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37693428" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Gunicorn)). Supported versions that are affected are 24.2.0-24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Gunicorn)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-24.2.0-24.2.2", "P-14277V-24.2.0-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-14121V-24.2.0-24.2.2", "P-14277V-24.2.0-24.2.4" ] } ] }, { "cve": "CVE-2024-11612", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "37525894" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Build (7-Zip)). The supported version that is affected is 8.5.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2276V-8.5.7" ] } ] }, { "cve": "CVE-2024-12797", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core DBTier", "text": "37729104" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "37746122" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (Cryptography)). Supported versions that are affected are 24.2.3 and 24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core DBTier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core DBTier accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core DBTier accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core DBTier. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Cryptography)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14974V-24.2.3", "P-14974V-24.3.0", "P-14123V-24.2.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14974V-24.3.0", "P-14974V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079219.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079228.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-14974V-24.3.0", "P-14974V-24.2.3", "P-14123V-24.2.3" ] } ] }, { "cve": "CVE-2024-12798", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "37607613" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Solution Designer (logback)). Supported versions that are affected are 8.0.0.4.0 and 8.1.0.2.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Service Catalog and Design executes to compromise Oracle Communications Service Catalog and Design. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Service Catalog and Design, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Service Catalog and Design accessible data as well as unauthorized read access to a subset of Oracle Communications Service Catalog and Design accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2283V-8.1.0.2.0", "P-2283V-8.0.0.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-8.0.0.4.0", "P-2283V-8.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077306.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L", "version": "3.1" }, "products": [ "P-2283V-8.0.0.4.0", "P-2283V-8.1.0.2.0" ] } ] }, { "cve": "CVE-2024-12801", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "37607613" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Solution Designer (logback)). Supported versions that are affected are 8.0.0.4.0 and 8.1.0.2.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Service Catalog and Design executes to compromise Oracle Communications Service Catalog and Design. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Service Catalog and Design, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Service Catalog and Design accessible data as well as unauthorized read access to a subset of Oracle Communications Service Catalog and Design accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2283V-8.1.0.2.0", "P-2283V-8.0.0.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-8.0.0.4.0", "P-2283V-8.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077306.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L", "version": "3.1" }, "products": [ "P-2283V-8.0.0.4.0", "P-2283V-8.1.0.2.0" ] } ] }, { "cve": "CVE-2024-13176", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "37331282" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "37618845" }, { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "37618848" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "37618847" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "37618844" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "37618843" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "37618873" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37618872" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Mod_Security (OpenSSL)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 9.0.0-9.2.0. Easily exploitable vulnerability allows physical access to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Web Platform (OpenSSL)). The supported version that is affected is 21.7.1.0.0. Easily exploitable vulnerability allows physical access to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Essbase accessible data as well as unauthorized read access to a subset of Oracle Essbase accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Essbase. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Database (OpenSSL) component of Oracle Database Server. Supported versions that are affected are 23.4-23.7. Easily exploitable vulnerability allows physical access to compromise Oracle Database (OpenSSL). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database (OpenSSL) accessible data as well as unauthorized read access to a subset of Oracle Database (OpenSSL) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database (OpenSSL). CVSS 3.1 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.41. Easily exploitable vulnerability allows physical access to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Workbench accessible data as well as unauthorized read access to a subset of MySQL Workbench accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Workbench. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows physical access to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows physical access to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Backup accessible data as well as unauthorized read access to a subset of MySQL Enterprise Backup accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Backup. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 9.0.0-9.2.0. Easily exploitable vulnerability allows physical access to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.4.0-8.4.4", "P-8478(Server: Packaging)V-9.0.0-9.2.0", "P-4379V-21.7.1.0.0", "P-1042(Mod_Security)V-14.1.2.0.0", "P-8576(Connector/ODBC)V-9.0.0-9.2.0", "P-4629V-9.0.0-9.2.0", "P-5(Oracle Database)V-23.4-23.7", "P-8576(Connector/C++)V-9.0.0-9.2.0", "P-4627V-8.0.0-8.0.41", "P-1042(Mod_Security)V-12.2.1.4.0", "P-8478(Server: Packaging)V-8.4.0-8.4.4", "P-4629V-8.0.0-8.0.41", "P-8478(Server: Packaging)V-8.0.0-8.0.41" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Mod_Security)V-12.2.1.4.0", "P-1042(Mod_Security)V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.4.0-8.4.4", "P-4627V-8.0.0-8.0.41", "P-8478(Server: Packaging)V-9.0.0-9.2.0", "P-8576(Connector/ODBC)V-9.0.0-9.2.0", "P-4629V-9.0.0-9.2.0", "P-8478(Server: Packaging)V-8.4.0-8.4.4", "P-8576(Connector/C++)V-9.0.0-9.2.0", "P-4629V-8.0.0-8.0.41", "P-8478(Server: Packaging)V-8.0.0-8.0.41" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.7.1.0.0", "P-5(Oracle Database)V-23.4-23.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-1042(Mod_Security)V-12.2.1.4.0", "P-1042(Mod_Security)V-14.1.2.0.0" ] }, { "cvss_v3": { "baseScore": 4.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-4629V-8.4.0-8.4.4", "P-4627V-8.0.0-8.0.41", "P-8478(Server: Packaging)V-9.0.0-9.2.0", "P-4379V-21.7.1.0.0", "P-8576(Connector/ODBC)V-9.0.0-9.2.0", "P-4629V-9.0.0-9.2.0", "P-8478(Server: Packaging)V-8.4.0-8.4.4", "P-8576(Connector/C++)V-9.0.0-9.2.0", "P-4629V-8.0.0-8.0.41", "P-8478(Server: Packaging)V-8.0.0-8.0.41" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-5(Oracle Database)V-23.4-23.7" ] } ] }, { "cve": "CVE-2024-21538", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37748672" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (cross-spawn)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-24.2.0-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14277V-24.2.0-24.2.4" ] } ] }, { "cve": "CVE-2024-22243", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36462571" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Spring Framework)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ] }, { "cve": "CVE-2024-23672", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2024-23807", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "36754718" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC (Apache Xerces-C++)). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-9.2.0.0-9.2.9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078792.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4781V-9.2.0.0-9.2.9.2" ] } ] }, { "cve": "CVE-2024-24549", "ids": [ { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37702679" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Tomcat)). Supported versions that are affected are 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0 and 25.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Autonomous Health Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-23.8.0-23.11.0", "P-14634V-25.2.0", "P-14634V-25.1.0", "P-14634V-24.1.0-24.11.0" ] } ] }, { "cve": "CVE-2024-25638", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "37356025" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Automated Test Suite Framework (dnsjava)). The supported version that is affected is 24.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. While the vulnerability is in Oracle Communications Network Analytics Data Director, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Network Analytics Data Director accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Network Analytics Data Director accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 8.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14547V-24.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-24.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079231.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.9, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "products": [ "P-14547V-24.1.0" ] } ] }, { "cve": "CVE-2024-25710", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "36325000" }, { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "36614144" }, { "system_name": "Oracle Bug ID of Oracle JDeveloper", "text": "37683779" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "36587756" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Composer, Common (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Business Process Management Suite executes to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (Apache Commons Compress)). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Generic (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle JDeveloper. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Security (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Data Integrator executes to compromise Oracle Data Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Data Integrator. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5325V-12.2.1.4.0", "P-4781V-9.2.0.0-9.2.9.2", "P-2196V-12.2.1.4.0", "P-807V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2196V-12.2.1.4.0", "P-5325V-12.2.1.4.0", "P-807V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078792.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0", "P-5325V-12.2.1.4.0", "P-4781V-9.2.0.0-9.2.9.2", "P-807V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-26308", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "36325000" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "36587756" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Composer, Common (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Business Process Management Suite executes to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (Apache Commons Compress)). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-9.2.0.0-9.2.9.2", "P-5325V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078792.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5325V-12.2.1.4.0", "P-4781V-9.2.0.0-9.2.9.2" ] } ] }, { "cve": "CVE-2024-27856", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-28168", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications MetaSolv Solution", "text": "37570638" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Element Management System", "text": "37570637" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "37232534" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37570639" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "37570695" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "37570622" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "37570613" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Element Management System product of Oracle Communications (component: Security (Apache FOP)). The supported version that is affected is 46.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE Element Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE Element Management System accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications MetaSolv Solution product of Oracle Communications Applications (component: Print Preview (Apache FOP)). The supported version that is affected is 6.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications MetaSolv Solution. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications MetaSolv Solution accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (Apache FOP)). The supported version that is affected is 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Installer (Apache FOP)). Supported versions that are affected are 2.9.0.0.0-7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Plugins (Apache FOP)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM Authentication (Apache FOP)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking APIs accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: User Interface (Apache FOP)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Digital Experience accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5325V-14.1.2.0.0", "P-12605V-22.1.0.0.0", "P-2267V-6.3.1", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-11125V-46.6", "P-5325V-12.2.1.4.0", "P-13676V-21.1.0.0.0", "P-13676V-22.2.0.0.0", "P-10900V-15.0.0.0.0", "P-5322V-2.9.0.0.0-7.0.0.0.0", "P-12605V-22.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11125V-46.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3079131.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2267V-6.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077305.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322V-2.9.0.0.0-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077979.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-14.1.2.0.0", "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13676V-22.2.0.0.0", "P-5325V-14.1.2.0.0", "P-12605V-22.1.0.0.0", "P-2267V-6.3.1", "P-10900V-15.0.0.0.0", "P-5322V-2.9.0.0.0-7.0.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-11125V-46.6", "P-5325V-12.2.1.4.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ] } ] }, { "cve": "CVE-2024-28219", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37202951" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "37202953" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "37202916" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "37202906" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Pillow)). Supported versions that are affected are 14.5.0.0.0-14.7.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Corporate Lending Process Management executes to compromise Oracle Banking Corporate Lending Process Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Maintenance (Pillow)). Supported versions that are affected are 14.5.0.0.0-14.7.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Origination executes to compromise Oracle Banking Origination. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Banking Origination. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (Pillow)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Policy Management executes to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Pillow)). Supported versions that are affected are 14.5.0.0.0-14.7.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Origination executes to compromise Oracle Banking Origination. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Banking Origination. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13701V-14.5.0.0.0-14.7.0.0.0", "P-14325(Onboarding Batch Processes)V-14.5.0.0.0-14.7.0.0.0", "P-10900V-15.0.0.0.0", "P-14325(Maintenance)V-14.5.0.0.0-14.7.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13701V-14.5.0.0.0-14.7.0.0.0", "P-14325(Onboarding Batch Processes)V-14.5.0.0.0-14.7.0.0.0", "P-14325(Maintenance)V-14.5.0.0.0-14.7.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10900V-15.0.0.0.0", "P-13701V-14.5.0.0.0-14.7.0.0.0", "P-14325(Onboarding Batch Processes)V-14.5.0.0.0-14.7.0.0.0", "P-14325(Maintenance)V-14.5.0.0.0-14.7.0.0.0" ] } ] }, { "cve": "CVE-2024-28834", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37218566" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "37218547" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (GnuTLS)). The supported version that is affected is 24.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Management Cloud Engine accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (GnuTLS)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14252V-24.3.0", "P-10900V-15.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079189.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-10900V-15.0.0.0.0", "P-14252V-24.3.0" ] } ] }, { "cve": "CVE-2024-28835", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37218566" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "37218547" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (GnuTLS)). The supported version that is affected is 24.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Management Cloud Engine accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (GnuTLS)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14252V-24.3.0", "P-10900V-15.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079189.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-10900V-15.0.0.0.0", "P-14252V-24.3.0" ] } ] }, { "cve": "CVE-2024-29025", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36628224" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Netty)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ] }, { "cve": "CVE-2024-29131", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36711742" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons Configuration)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ] }, { "cve": "CVE-2024-29133", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36711742" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons Configuration)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ] }, { "cve": "CVE-2024-29736", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "36884163" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server, Client Installer (Apache CXF)). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.6.0.0.0", "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.6.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.6.0.0.0" ] } ] }, { "cve": "CVE-2024-29857", "ids": [ { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "37557580" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters (Bouncy Castle Java Library)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SOA Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1162V-14.1.2.0.0", "P-1162V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1162V-14.1.2.0.0", "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1162V-14.1.2.0.0", "P-1162V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-30172", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37276065" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Bouncy Castle Java Library)). The supported version that is affected is 7.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.6.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.6.0.0.0" ] } ] }, { "cve": "CVE-2024-31141", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37701968" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Microservices (Apache Kafka)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.0-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14597V-6.0-6.1" ] } ] }, { "cve": "CVE-2024-32007", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "36884163" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server, Client Installer (Apache CXF)). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.6.0.0.0", "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.6.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.6.0.0.0" ] } ] }, { "cve": "CVE-2024-34064", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37160622" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "37160620" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37160597" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "37160612" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (Jinja)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Repository Function accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Web UI (Jinja)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Automated Test Suite Framework (Jinja)). The supported version that is affected is 24.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Network Analytics Data Director accessible data as well as unauthorized read access to a subset of Oracle Communications Network Analytics Data Director accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Jinja)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0", "P-14118V-24.2.3", "P-14547V-24.1.0", "P-14597V-6.0-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079132.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-24.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079231.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0", "P-14547V-24.1.0", "P-14597V-6.0-6.1", "P-14118V-24.2.3" ] } ] }, { "cve": "CVE-2024-35195", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "37182014" }, { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "37182026" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37182039" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37182062" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "37182009" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (requests)). Supported versions that are affected are 14.5.0.0.0-14.7.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Corporate Lending Process Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending Process Management accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Maintenance (requests)). Supported versions that are affected are 14.5.0.0.0-14.7.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Origination accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Origination accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Platform (requests)). Supported versions that are affected are 12.0.0.8.0 and 15.0.0.0.0-15.0.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Billing and Revenue Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 5.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (requests)). The supported version that is affected is 24.2.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Repository Function executes to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Repository Function accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 5.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (requests)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Policy Management executes to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Policy Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 5.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2136(Platform)V-15.0.0.0.0-15.0.1.0.0", "P-13701V-14.5.0.0.0-14.7.0.0.0", "P-14118V-24.2.3", "P-2136(Platform)V-12.0.0.8.0", "P-10900V-15.0.0.0.0", "P-14325V-14.5.0.0.0-14.7.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14325V-14.5.0.0.0-14.7.0.0.0", "P-13701V-14.5.0.0.0-14.7.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136(Platform)V-15.0.0.0.0-15.0.1.0.0", "P-2136(Platform)V-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077261.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14325V-14.5.0.0.0-14.7.0.0.0", "P-13701V-14.5.0.0.0-14.7.0.0.0" ] }, { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-2136(Platform)V-15.0.0.0.0-15.0.1.0.0", "P-2136(Platform)V-12.0.0.8.0", "P-10900V-15.0.0.0.0", "P-14118V-24.2.3" ] } ] }, { "cve": "CVE-2024-36114", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13373V-1.5.0", "P-13373V-1.6.0", "P-13373V-1.6.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle NoSQL Database", "text": "37555698" }, { "system_name": "Oracle Bug ID of GoldenGate Stream Analytics", "text": "37555702" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Aircompressor)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: Stream Analytics (Aircompressor)). Supported versions that are affected are 19.1.0.0.0-19.1.0.0.10. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise GoldenGate Stream Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of GoldenGate Stream Analytics as well as unauthorized update, insert or delete access to some of GoldenGate Stream Analytics accessible data and unauthorized read access to a subset of GoldenGate Stream Analytics accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.10" ], "known_not_affected": [ "P-13373V-1.5.0", "P-13373V-1.6.0", "P-13373V-1.6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13373V-1.5.0", "P-13373V-1.6.0", "P-13373V-1.6.1", "P-14015V-19.1.0.0.0-19.1.0.0.10" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13373V-1.5.0", "P-13373V-1.6.0", "P-13373V-1.6.1" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.10" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13373V-1.5.0", "P-13373V-1.6.0", "P-13373V-1.6.1" ] } ] }, { "cve": "CVE-2024-37891", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13940V-9.1.1.9", "P-14015V-19.1.0.0.0-19.1.0.0.10" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "37362313" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "37362116" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "37362114" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "37362094" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "37362150" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37362111" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37362089" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Compliance Studio", "text": "37362232" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "37362088" }, { "system_name": "Oracle Bug ID of GoldenGate Stream Analytics", "text": "37362341" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (urllib3)). Supported versions that are affected are 24.2.0 and 24.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite Framework (urllib3)). The supported version that is affected is 24.2.3. Difficult to exploit vulnerability allows high privileged attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (urllib3)). The supported version that is affected is 24.2.3. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Configuration and Maintenance (urllib3)). Supported versions that are affected are 14.5.0.0.0-14.7.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Origination accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Machine Learning (urllib3)). The supported version that is affected is 7.6.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (urllib3)). Supported versions that are affected are 14.5.0.0.0-14.7.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending Process Management accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Automated Test Suite Framework (urllib3)). The supported version that is affected is 9.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: General Issues (urllib3)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (urllib3)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Reports (urllib3)). The supported version that is affected is 8.1.2.9. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Compliance Studio accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0", "P-14392V-8.1.2.9", "P-14117V-24.2.0", "P-14117V-24.3.0", "P-14325V-14.5.0.0.0-14.7.0.0.0", "P-2025V-7.6.0.0.0", "P-14118V-24.2.3", "P-13701V-14.5.0.0.0-14.7.0.0.0", "P-14123V-24.2.3" ], "known_not_affected": [ "P-13940V-9.1.1.9", "P-14015V-19.1.0.0.0-19.1.0.0.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-24.2.0", "P-14117V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079192.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079228.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14325V-14.5.0.0.0-14.7.0.0.0", "P-13701V-14.5.0.0.0-14.7.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079132.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.10" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3079193.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14392V-8.1.2.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3078903.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0", "P-14392V-8.1.2.9", "P-14117V-24.2.0", "P-14117V-24.3.0", "P-14325V-14.5.0.0.0-14.7.0.0.0", "P-2025V-7.6.0.0.0", "P-14118V-24.2.3", "P-13701V-14.5.0.0.0-14.7.0.0.0", "P-14123V-24.2.3" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13940V-9.1.1.9", "P-14015V-19.1.0.0.0-19.1.0.0.10" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13940V-9.1.1.9", "P-14015V-19.1.0.0.0-19.1.0.0.10" ] } ] }, { "cve": "CVE-2024-38357", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM End User", "text": "36919674" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: EAI, UI (TinyMCE)). Supported versions that are affected are 24.7-25.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Siebel CRM End User executes to compromise Siebel CRM End User. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel CRM End User accessible data as well as unauthorized read access to a subset of Siebel CRM End User accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9011V-24.7-25.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-24.7-25.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078812.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9011V-24.7-25.2" ] } ] }, { "cve": "CVE-2024-38474", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "37589398" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042(Core)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1042(Core)V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-38476", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "37589398" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042(Core)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1042(Core)V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-38816", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14252V-24.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "37347943" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "37260048" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "37259994" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "37260117" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure (Spring Framework)). The supported version that is affected is 14.7.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (Spring Framework)). The supported version that is affected is 9.1.1.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SD-WAN Edge accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: BEServer (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Automated Test Suite (Spring Framework)). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Data Analytics Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13940V-9.1.1.9", "P-13304V-14.7.0.7.0", "P-14489V-24.2.0" ], "known_not_affected": [ "P-14252V-24.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.7.0.7.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3079193.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079189.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079218.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-13304V-14.7.0.7.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13940V-9.1.1.9", "P-14489V-24.2.0" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-24.3.0" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14252V-24.3.0" ] } ] }, { "cve": "CVE-2024-38819", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14252V-24.3.0", "P-5758V-12.2.1.4.0-12.2.1.4.241210" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "37361211" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37260008" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "37259991" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "37260048" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "37259994" }, { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36462571" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "37260117" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "37260011" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "37260133" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Veridata", "text": "37260078" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "37670389" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Spring Framework)). Supported versions that are affected are 8.1.2.5, 8.1.1.4, 8.0.8.6 and 8.0.7.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Spring Framework)). Supported versions that are affected are 22.12.0-22.12.15, 23.12.0-23.12.13 and 24.12.0-24.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (Spring Framework)). The supported version that is affected is 9.1.1.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SD-WAN Edge accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: BEServer (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Docupresentment IDS Server (Spring Framework)). Supported versions that are affected are 12.7.1.6, 12.7.2.3 and 13.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Documaker accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Spring Framework)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Automated Test Suite (Spring Framework)). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Data Analytics Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Spring Framework)). Supported versions that are affected are 9.0.0, 9.0.1, 9.0.2 and 9.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Spring Framework)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Spring Framework)). Supported versions that are affected are 11.3.2 and 11.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5477V-13.0.0.1", "P-5680V-8.0.8.6", "P-11513V-20.0.5", "P-14489V-24.2.0", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-19.0.6", "P-10354V-24.12.0-24.12.3", "P-13940V-9.1.1.9", "P-11513V-22.0.2", "P-5680V-8.1.2.5", "P-10354V-22.12.0-22.12.15", "P-9633V-11.4.0", "P-10354V-23.12.0-23.12.13", "P-9633V-11.3.2", "P-5477V-12.7.1.6", "P-11052V-9.0.1", "P-11052V-9.0.0", "P-14597V-6.0-6.1", "P-5477V-12.7.2.3", "P-11052V-9.0.3", "P-5680V-8.0.7.8", "P-11052V-9.0.2", "P-11513V-21.0.4", "P-5680V-8.1.1.4" ], "known_not_affected": [ "P-14252V-24.3.0", "P-5758V-12.2.1.4.0-12.2.1.4.241210" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.8.6", "P-5680V-8.0.7.8", "P-5680V-8.1.1.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079096.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-22.12.0-22.12.15", "P-10354V-23.12.0-23.12.13", "P-10354V-24.12.0-24.12.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3078091.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3079193.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.241210" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079189.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-13.0.0.1", "P-5477V-12.7.1.6", "P-5477V-12.7.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079097.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079218.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.1", "P-11052V-9.0.0", "P-11052V-9.0.3", "P-11052V-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079195.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.4.0", "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078810.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5477V-13.0.0.1", "P-5680V-8.0.8.6", "P-10354V-24.12.0-24.12.3", "P-13940V-9.1.1.9", "P-14489V-24.2.0", "P-5680V-8.1.2.5", "P-10354V-22.12.0-22.12.15", "P-9633V-11.4.0", "P-10354V-23.12.0-23.12.13", "P-9633V-11.3.2", "P-5477V-12.7.1.6", "P-11052V-9.0.1", "P-11052V-9.0.0", "P-14597V-6.0-6.1", "P-5477V-12.7.2.3", "P-11052V-9.0.3", "P-5680V-8.0.7.8", "P-11052V-9.0.2", "P-5680V-8.1.1.4" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.241210" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-24.3.0" ] }, { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14252V-24.3.0", "P-5758V-12.2.1.4.0-12.2.1.4.241210" ] } ] }, { "cve": "CVE-2024-38820", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14252V-24.3.0", "P-5758V-12.2.1.4.0-12.2.1.4.241210" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle BI Publisher", "text": "37402184" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37260008" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "37259991" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "37347943" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "37259994" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "37260048" }, { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "36462571" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "37260117" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "37260011" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Veridata", "text": "37260078" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "37260133" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Spring Framework)). Supported versions that are affected are 11.3.2 and 11.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Automated Test Suite (Spring Framework)). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Data Analytics Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Spring Framework)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Docupresentment IDS Server (Spring Framework)). Supported versions that are affected are 12.7.1.6, 12.7.2.3 and 13.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Documaker accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: BEServer (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (Spring Framework)). The supported version that is affected is 9.1.1.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SD-WAN Edge accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Spring Framework)). Supported versions that are affected are 22.12.0-22.12.15, 23.12.0-23.12.13 and 24.12.0-24.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure (Spring Framework)). The supported version that is affected is 14.7.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Development Operations (Spring Framework)). The supported version that is affected is 7.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Spring Framework)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5477V-13.0.0.1", "P-11513V-19.0.6", "P-10354V-24.12.0-24.12.3", "P-13940V-9.1.1.9", "P-11513V-22.0.2", "P-1479V-7.6.0.0.0", "P-11513V-20.0.5", "P-14489V-24.2.0", "P-9633V-11.4.0", "P-10354V-22.12.0-22.12.15", "P-10354V-23.12.0-23.12.13", "P-9633V-11.3.2", "P-13304V-14.7.0.7.0", "P-5477V-12.7.1.6", "P-11513V-24.0.1", "P-14597V-6.0-6.1", "P-11513V-23.0.2", "P-5477V-12.7.2.3", "P-11513V-21.0.4" ], "known_not_affected": [ "P-14252V-24.3.0", "P-5758V-12.2.1.4.0-12.2.1.4.241210" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.4.0", "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078810.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079218.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-13.0.0.1", "P-5477V-12.7.1.6", "P-5477V-12.7.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079097.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079189.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.241210" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3079193.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-22.12.0-22.12.15", "P-10354V-23.12.0-23.12.13", "P-10354V-24.12.0-24.12.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3078091.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.7.0.7.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-7.6.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-9633V-11.4.0", "P-10354V-22.12.0-22.12.15", "P-10354V-23.12.0-23.12.13", "P-9633V-11.3.2", "P-5477V-13.0.0.1", "P-5477V-12.7.1.6", "P-10354V-24.12.0-24.12.3", "P-13940V-9.1.1.9", "P-14597V-6.0-6.1", "P-5477V-12.7.2.3", "P-14489V-24.2.0" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-24.3.0" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.241210" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-13304V-14.7.0.7.0", "P-1479V-7.6.0.0.0" ] }, { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-11513V-23.0.2", "P-11513V-21.0.4", "P-11513V-20.0.5" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14252V-24.3.0", "P-5758V-12.2.1.4.0-12.2.1.4.241210" ] } ] }, { "cve": "CVE-2024-38827", "ids": [ { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "37366333" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "37366324" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37366303" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37204141" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (Spring Security)). The supported version that is affected is 24.2.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Repository Function accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server, Pipeline Test Failures, Installation (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Spring Security)). The supported version that is affected is 8.1.2.7.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Model Management and Governance accessible data as well as unauthorized read access to a subset of Oracle Financial Services Model Management and Governance accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (Spring Security)). The supported version that is affected is 9.1.1.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle SD-WAN Edge accessible data as well as unauthorized read access to a subset of Oracle SD-WAN Edge accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14276V-8.1.2.7.0", "P-2025V-12.2.1.4.0", "P-14118V-24.2.3", "P-13940V-9.1.1.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078931.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3079193.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14276V-8.1.2.7.0", "P-2025V-12.2.1.4.0", "P-13940V-9.1.1.9", "P-14118V-24.2.3" ] } ] }, { "cve": "CVE-2024-38828", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "37561089" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Spring MVC)). Supported versions that are affected are ECC:12-13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Command Center Framework. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13788V-ECC:12-13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-ECC:12-13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-13788V-ECC:12-13" ] } ] }, { "cve": "CVE-2024-38998", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13676V-22.2.0.0.0", "P-2100V-12.2.6-12.2.14", "P-13676V-22.1.0.0.0", "P-8776V-11.2.19.0.000", "P-13676V-21.1.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Demantra Demand Management", "text": "37225074" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Financial Reporting", "text": "37225293" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "37225090" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM Authentication (RequireJS)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security (RequireJS)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Installation (RequireJS)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-2100V-12.2.6-12.2.14", "P-13676V-22.1.0.0.0", "P-13676V-22.2.0.0.0", "P-8776V-11.2.19.0.000", "P-13676V-21.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-13676V-22.1.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2100V-12.2.6-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=3078833.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8776V-11.2.19.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13676V-22.2.0.0.0", "P-2100V-12.2.6-12.2.14", "P-13676V-22.1.0.0.0", "P-8776V-11.2.19.0.000", "P-13676V-21.1.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13676V-22.2.0.0.0", "P-2100V-12.2.6-12.2.14", "P-13676V-22.1.0.0.0", "P-8776V-11.2.19.0.000", "P-13676V-21.1.0.0.0" ] } ] }, { "cve": "CVE-2024-38999", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13676V-22.2.0.0.0", "P-4379V-21.7.1.0.0", "P-2100V-12.2.6-12.2.14", "P-13676V-22.1.0.0.0", "P-8776V-11.2.19.0.000", "P-13676V-21.1.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "37225296" }, { "system_name": "Oracle Bug ID of Oracle Demantra Demand Management", "text": "37225074" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Financial Reporting", "text": "37225293" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "37225090" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security (RequireJS)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM Authentication (RequireJS)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Installation (RequireJS)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Web Platform (RequireJS)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-13676V-22.2.0.0.0", "P-4379V-21.7.1.0.0", "P-2100V-12.2.6-12.2.14", "P-13676V-22.1.0.0.0", "P-8776V-11.2.19.0.000", "P-13676V-21.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2100V-12.2.6-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=3078833.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-13676V-22.1.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8776V-11.2.19.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.7.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13676V-22.2.0.0.0", "P-4379V-21.7.1.0.0", "P-2100V-12.2.6-12.2.14", "P-13676V-22.1.0.0.0", "P-8776V-11.2.19.0.000", "P-13676V-21.1.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13676V-22.2.0.0.0", "P-4379V-21.7.1.0.0", "P-2100V-12.2.6-12.2.14", "P-13676V-22.1.0.0.0", "P-8776V-11.2.19.0.000", "P-13676V-21.1.0.0.0" ] } ] }, { "cve": "CVE-2024-39338", "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate", "text": "37571211" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle GoldenGate (component: Internal Framework (Axios)). Supported versions that are affected are 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle GoldenGate accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5757V-23.4-23.7", "P-5757V-21.3-21.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5757V-23.4-23.7", "P-5757V-21.3-21.17" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5757V-23.4-23.7", "P-5757V-21.3-21.17" ] } ] }, { "cve": "CVE-2024-39573", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "37589398" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042(Core)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1042(Core)V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-39884", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "37589398" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042(Core)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1042(Core)V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-40725", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "37589398" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042(Core)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1042(Core)V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-40866", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-40896", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "37519096" }, { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "37519075" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "37519101" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "37519113" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37519104" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Automated Test Suite (libxml2)). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Data Analytics Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Data Analytics Function. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (libxml2)). Supported versions that are affected are 8.0.0-8.0.41. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Workbench accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install (libxml2)). The supported version that is affected is 25.1.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (libxml2)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (libxml2)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Unified Assurance accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4627V-8.0.0-8.0.41", "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0", "P-14597V-6.0-6.1", "P-14119V-25.1.100", "P-14489V-24.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079218.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.0-8.0.41" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=3079232.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "P-4627V-8.0.0-8.0.41", "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0", "P-14597V-6.0-6.1", "P-14119V-25.1.100", "P-14489V-24.2.0" ] } ] }, { "cve": "CVE-2024-4227", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications User Data Repository", "text": "37670490" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37670488" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (gSOAP)). The supported version that is affected is 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (gSOAP)). Supported versions that are affected are 15.0.0, 15.0.1 and 15.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications User Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11108V-15.0.0", "P-11108V-15.0.2", "P-11108V-15.0.1", "P-10900V-15.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11108V-15.0.0", "P-11108V-15.0.2", "P-11108V-15.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3079130.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10900V-15.0.0.0.0", "P-11108V-15.0.0", "P-11108V-15.0.2", "P-11108V-15.0.1" ] } ] }, { "cve": "CVE-2024-42367", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "37366004" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (AIOHTTP)). Supported versions that are affected are 17.0-24.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel CRM Cloud Applications accessible data as well as unauthorized read access to a subset of Siebel CRM Cloud Applications accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-24.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-24.11" ], "url": "https://support.oracle.com/rs?type=doc&id=3078812.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14107V-17.0-24.11" ] } ] }, { "cve": "CVE-2024-43044", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37010594" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (Jenkins)). The supported version that is affected is 15.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10900V-15.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10900V-15.0.0.0.0" ] } ] }, { "cve": "CVE-2024-43045", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37010594" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (Jenkins)). The supported version that is affected is 15.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10900V-15.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10900V-15.0.0.0.0" ] } ] }, { "cve": "CVE-2024-43709", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37584870" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Elasticsearch)). The supported version that is affected is 6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-6.0" ] } ] }, { "cve": "CVE-2024-43796", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37723885" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: User Interface (Express.js)). Supported versions that are affected are 6.0-6.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.0-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14597V-6.0-6.1" ] } ] }, { "cve": "CVE-2024-44185", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-44187", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-44244", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-44296", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-44308", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-44309", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-45337", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14125V-25.1.100", "P-14125V-24.2.5" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "37512789" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14125V-25.1.100", "P-14125V-24.2.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.100", "P-14125V-24.2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3079223.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.100", "P-14125V-24.2.5" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14125V-25.1.100", "P-14125V-24.2.5" ] } ] }, { "cve": "CVE-2024-45338", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14125V-25.1.100", "P-14125V-24.2.5" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "37512789" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14125V-25.1.100", "P-14125V-24.2.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.100", "P-14125V-24.2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3079223.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.100", "P-14125V-24.2.5" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14125V-25.1.100", "P-14125V-24.2.5" ] } ] }, { "cve": "CVE-2024-45613", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "37487915" }, { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "37622383" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform (CKEditor)). Supported versions that are affected are 11.3.0, 11.3.1, 11.3.2 and 11.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (CKEditor)). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9348V-11.3.1", "P-9348V-11.4.0", "P-9348V-11.3.2", "P-9348V-11.3.0", "P-4781V-9.2.0.0-9.2.9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.4.0", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078810.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078792.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9348V-11.3.1", "P-9348V-11.4.0", "P-9348V-11.3.2", "P-9348V-11.3.0", "P-4781V-9.2.0.0-9.2.9.2" ] } ] }, { "cve": "CVE-2024-47072", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "37327317" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "37509184" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37509181" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37509171" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "37509182" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37509177" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37509185" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "37509175" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "37509186" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "37310904" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "37509149" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (XStream)). Supported versions that are affected are 24.2.0-24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Automated Test Suite (XStream)). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Data Analytics Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (XStream)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM Authentication (XStream)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (XStream)). Supported versions that are affected are 4.3.0.3.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3 and 24.1.0.0.0-24.3.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Discussion Forums (XStream)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (XStream)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (XStream)). Supported versions that are affected are 7.4.0-7.4.2, 7.5.0, 7.5.1, 7.6.0 and 7.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (XStream)). The supported version that is affected is 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Automated Test Suite Framework (XStream)). Supported versions that are affected are 24.1.0-24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Automated Test Suite Framework (XStream)). The supported version that is affected is 25.1.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4516V-7.7.0", "P-13676V-22.1.0.0.0", "P-4516V-7.5.0", "P-2245V-4.4.0.0.0", "P-1696V-12.2.1.4.0", "P-4516V-7.5.1", "P-4516V-7.6.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0", "P-14489V-24.2.0", "P-13676V-21.1.0.0.0", "P-14277V-24.2.0-24.2.4", "P-14121V-24.2.0-24.2.2", "P-13676V-22.2.0.0.0", "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-14118V-24.2.3", "P-14119V-25.1.100", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-24.1.0.0.0-24.3.0.0.0", "P-2245V-4.5.0.1.3", "P-10900V-15.0.0.0.0", "P-14547V-24.1.0-24.3.0", "P-4516V-7.4.0-7.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079218.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-13676V-22.1.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-24.1.0.0.0-24.3.0.0.0", "P-2245V-4.5.0.1.3", "P-2245V-4.5.0.1.1", "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078835.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.7.0", "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0", "P-4516V-7.5.1", "P-4516V-7.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077278.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-24.1.0-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079231.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=3079232.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4516V-7.7.0", "P-2245V-4.5.0.1.1", "P-13676V-22.1.0.0.0", "P-2245V-4.5.0.0.0", "P-4516V-7.5.0", "P-2245V-4.4.0.0.0", "P-1696V-12.2.1.4.0", "P-4516V-7.5.1", "P-4516V-7.6.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0", "P-14489V-24.2.0", "P-13676V-21.1.0.0.0", "P-14277V-24.2.0-24.2.4", "P-14121V-24.2.0-24.2.2", "P-13676V-22.2.0.0.0", "P-2245V-24.1.0.0.0-24.3.0.0.0", "P-2245V-4.5.0.1.3", "P-10900V-15.0.0.0.0", "P-14547V-24.1.0-24.3.0", "P-4516V-7.4.0-7.4.2", "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-14118V-24.2.3", "P-14119V-25.1.100" ] } ] }, { "cve": "CVE-2024-47197", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Deployment", "text": "37244440" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Application Interface (Apache Maven Shared Utils)). Supported versions that are affected are 17.0-25.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel CRM Deployment accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9019V-17.0-25.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9019V-17.0-25.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078812.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-9019V-17.0-25.2" ] } ] }, { "cve": "CVE-2024-47535", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hospitality Cruise Shipboard Property Management System", "text": "37352760" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Certificate Management", "text": "37733692" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Configuration (Netty)). The supported version that is affected is 24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Certificate Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Certificate Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: Next-Gen SPMS (Netty)). The supported version that is affected is 23.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14868V-24.2.2", "P-11607V-23.2.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14868V-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11607V-23.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3078677.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14868V-24.2.2" ] }, { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-11607V-23.2.1" ] } ] }, { "cve": "CVE-2024-47544", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37394176" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-47545", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37394176" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-47546", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37394176" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-47554", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-23.4.3", "P-13373V-1.5.0", "P-14069V-24.3.0", "P-13373V-1.6.0", "P-13373V-1.6.1", "P-1875V-24.3.1.347.1826", "P-9456V-23.2", "P-9456V-23.1", "P-9456V-23.4", "P-9456V-23.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "37476924" }, { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "37476988" }, { "system_name": "Oracle Bug ID of Oracle Communications MetaSolv Solution", "text": "37477018" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Forms Recognition", "text": "37477237" }, { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "37477016" }, { "system_name": "Oracle Bug ID of Oracle SQL Developer", "text": "37477258" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "37477036" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37477035" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "37477012" }, { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "37315607" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "37477020" }, { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "37477185" }, { "system_name": "Oracle Bug ID of Oracle Retail Store Inventory Management", "text": "37477182" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "37476938" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "37476912" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37476998" }, { "system_name": "Oracle Bug ID of Graph Server and Client", "text": "37477108" }, { "system_name": "Oracle Bug ID of Oracle Service Bus", "text": "37498944" }, { "system_name": "Oracle Bug ID of Oracle Communications Pricing Design Center", "text": "37477028" }, { "system_name": "Oracle Bug ID of Oracle NoSQL Database", "text": "37477149" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "37476950" }, { "system_name": "Oracle Bug ID of Oracle Fusion Middleware MapViewer", "text": "37477148" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "37477203" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37477026" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "37476992" }, { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "37477025" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "37477069" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37476991" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "37477002" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37477001" }, { "system_name": "Oracle Bug ID of Oracle Policy Modeling", "text": "37477152" }, { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "36332978" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "37477052" }, { "system_name": "Oracle Bug ID of Oracle Policy Automation", "text": "37477151" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "37477250" }, { "system_name": "Oracle Bug ID of Oracle Retail Order Broker", "text": "37477172" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "37477094" }, { "system_name": "Oracle Bug ID of Oracle Business Activity Monitoring", "text": "37454347" }, { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "37454904" }, { "system_name": "Oracle Bug ID of OSS Support Tools", "text": "37481780" }, { "system_name": "Oracle Bug ID of Oracle Hospitality Cruise Shipboard Property Management System", "text": "37819053" }, { "system_name": "Oracle Bug ID of OSS Support Tools", "text": "37476917" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle REST Data Services (component: General (Apache Commons IO)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Apache Commons IO)). Supported versions that are affected are 4.3.0.3.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1 and 4.5.0.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Activity Monitoring product of Oracle Fusion Middleware (component: Server, Composer (Apache Commons IO)). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Activity Monitoring. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Activity Monitoring. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Rest Converters (Apache Commons IO)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle SOA Suite. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (Apache Commons IO)). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Services Tools Bundle (Apache Commons IO)). Supported versions that are affected are 8.00-8.18, 18.1-18.4, 19.1-19.4, 20.1-20.4, 22.2, 23.1-23.4, 24.1-24.4 and 25.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of OSS Support Tools. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Document Management (Apache Commons IO)). The supported version that is affected is 6.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Agile Engineering Data Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile Engineering Data Management. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM Authentication (Apache Commons IO)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: User Interface (Apache Commons IO)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Security (Apache Commons IO)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0 and 15.0.0.0.0-15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Apache Commons IO)). Supported versions that are affected are 24.2.0-24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Apache Commons IO)). The supported version that is affected is 24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (Apache Commons IO)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Apache Commons IO)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Install (Apache Commons IO)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Automated Test Suite (Apache Commons IO)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (Apache Commons IO)). The supported version that is affected is 8.1.0.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Messaging Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications MetaSolv Solution product of Oracle Communications Applications (component: JSP Pages (Apache Commons IO)). The supported version that is affected is 6.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications MetaSolv Solution. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications MetaSolv Solution. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Automated Test Suite Framework (Apache Commons IO)). Supported versions that are affected are 24.1.0, 24.2.0 and 24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Apache Commons IO)). Supported versions that are affected are 7.5.0, 7.4.1 and 7.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (Apache Commons IO)). The supported version that is affected is 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: On-premise Deployment (Apache Commons IO)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0, 15.0.0.0.0 and 15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Commons IO)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Apache Commons IO)). Supported versions that are affected are 7.4.1, 7.4.2, 7.5.0 and 7.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Commons IO)). The supported version that is affected is 11.2.19.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Apache Commons IO)). Supported versions that are affected are 8.1.2.5, 8.1.1.4, 8.0.8.6 and 8.0.7.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Commons IO)). The supported version that is affected is 8.1.2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Graph Server and Client product of Oracle Graph Server and Client (component: Install (Apache Commons IO)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Core (Apache Commons IO)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Fusion Middleware MapViewer. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Apache Commons IO)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Policy Automation (component: Determinations Engine (Apache Commons IO)). Supported versions that are affected are 12.2.0-12.2.36. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Policy Automation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Policy Modeling product of Oracle Policy Automation (component: Generic (Apache Commons IO)). Supported versions that are affected are 12.2.0-12.2.36. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Modeling. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Policy Modeling. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Order Broker product of Oracle Retail Applications (component: Order Broker Foundation - OBF (Apache Commons IO)). The supported version that is affected is 19.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Order Broker. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Core (Apache Commons IO)). The supported version that is affected is 16.0.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Store Inventory Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Store Inventory Management. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons IO)). Supported versions that are affected are 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Apache Commons IO)). Supported versions that are affected are 22.1.1.1.0-22.1.1.30.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle TimesTen In-Memory Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Forms Recognition product of Oracle Fusion Middleware (component: Learnset Manager (Apache Commons IO)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Forms Recognition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Forms Recognition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Apache Commons IO)). Supported versions that are affected are 20.12.0-20.12.17 and 21.12.0-21.12.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Gateway. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle SQL Developer (component: Install (Apache Commons IO)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant (Apache Commons IO)). Supported versions that are affected are 2.11.0-2.12.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of OSS Support Tools. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: Workshop (Apache Commons IO)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Service Bus. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: Next-Gen SPMS (Apache Commons IO)). The supported version that is affected is 23.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.0.8.6", "P-2267V-6.3.1", "P-14547V-24.1.0", "P-2270V-7.4.0", "P-13676V-22.1.0.0.0", "P-14547V-24.3.0", "P-2270V-7.4.1", "P-4516V-7.5.0", "P-4516V-7.5.1", "P-5624V-12.2.0-12.2.36", "P-2245V-4.4.0.3.0", "P-1162V-14.1.2.0.0", "P-11513V-20.0.5", "P-14277V-24.2.0-24.2.4", "P-14121V-24.2.0-24.2.2", "P-1330(Services Tools Bundle)V-19.1-19.4", "P-8496V-8.1.0.26.0", "P-5308V-12.2.1.4.0", "P-1330(Services Tools Bundle)V-22.2", "P-11554V-19.1", "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-4436V-6.2.1", "P-4781V-9.2.0.0-9.2.9.2", "P-14118V-24.2.3", "P-12605V-22.1.0.0.0", "P-11513V-22.0.2", "P-1215V-12.2.1.4.0", "P-2245V-4.5.0.0.0", "P-5680V-8.1.2.5", "P-1330(Diagnostic Assistant)V-2.11.0-2.12.46", "P-1330(Services Tools Bundle)V-24.1-24.4", "P-10605V-20.12.0-20.12.17", "P-14597V-6.0-6.1", "P-1330(Services Tools Bundle)V-20.1-20.4", "P-1330(Services Tools Bundle)V-23.1-23.4", "P-5623V-12.2.0-12.2.36", "P-11513V-21.0.4", "P-1870V-22.1.1.1.0-22.1.1.30.0", "P-4392V-11.2.19.0.000", "P-14547V-24.2.0", "P-2270V-7.5.0", "P-4516V-7.4.1", "P-2245V-4.4.0.0.0", "P-4516V-7.4.2", "P-2245V-4.4.0.2.0", "P-14123V-24.2.3", "P-13676V-21.1.0.0.0", "P-14276V-8.1.2.7.0", "P-13676V-22.2.0.0.0", "P-11607V-23.2.1", "P-1330(Services Tools Bundle)V-18.1-18.4", "P-11513V-24.0.1", "P-1330(Services Tools Bundle)V-25.1", "P-9437V-15.0.0.0.0", "P-1838V-16.0.3.16", "P-11513V-23.0.2", "P-5746V-14.1.1.0.0", "P-2136(Security)V-12.0.0.4.0-12.0.0.8.0", "P-14250V-24.2.2", "P-11513V-19.0.6", "P-2136(Security)V-15.0.0.0.0-15.0.1.0.0", "P-2245V-4.5.0.1.1", "P-12605V-21.1.0.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0", "P-10899V-9.0.0.0", "P-10605V-21.12.0-21.12.15", "P-2245V-4.5.0.1.3", "P-10900V-15.0.0.0.0", "P-1330(Services Tools Bundle)V-8.00-8.18", "P-9437V-15.0.1.0.0", "P-1675V-14.1.2.0.0", "P-5680V-8.0.7.8", "P-12605V-22.2.0.0.0", "P-5680V-8.1.1.4", "P-1162V-12.2.1.4.0" ], "known_not_affected": [ "P-14069V-23.4.3", "P-13373V-1.5.0", "P-14069V-24.3.0", "P-13373V-1.6.0", "P-13373V-1.6.1", "P-1875V-24.3.1.347.1826", "P-9456V-23.2", "P-9456V-23.1", "P-9456V-23.4", "P-9456V-23.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-23.4.3", "P-13373V-1.5.0", "P-14069V-24.3.0", "P-13373V-1.6.0", "P-13373V-1.6.1", "P-1875V-24.3.1.347.1826", "P-9456V-23.2", "P-1870V-22.1.1.1.0-22.1.1.30.0", "P-9456V-23.1", "P-9456V-23.4", "P-9456V-23.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.5.0.1.3", "P-2245V-4.5.0.1.1", "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078835.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1215V-12.2.1.4.0", "P-5308V-12.2.1.4.0", "P-1675V-14.1.2.0.0", "P-5746V-14.1.1.0.0", "P-1162V-14.1.2.0.0", "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078792.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1330(Diagnostic Assistant)V-2.11.0-2.12.46", "P-1330(Services Tools Bundle)V-19.1-19.4", "P-1330(Services Tools Bundle)V-18.1-18.4", "P-1330(Services Tools Bundle)V-24.1-24.4", "P-1330(Services Tools Bundle)V-8.00-8.18", "P-1330(Services Tools Bundle)V-25.1", "P-1330(Services Tools Bundle)V-20.1-20.4", "P-1330(Services Tools Bundle)V-22.2", "P-1330(Services Tools Bundle)V-23.1-23.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078859.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3078833.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136(Security)V-15.0.0.0.0-15.0.1.0.0", "P-2136(Security)V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077261.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079221.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079228.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079132.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.26.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077282.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2267V-6.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077305.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-24.2.0", "P-14547V-24.1.0", "P-14547V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079231.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-7.4.0", "P-2270V-7.5.0", "P-2270V-7.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077292.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9437V-15.0.0.0.0", "P-9437V-15.0.1.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077300.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.1", "P-4516V-7.5.0", "P-4516V-7.4.2", "P-4516V-7.5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077278.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.19.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.8.6", "P-5680V-8.0.7.8", "P-5680V-8.1.1.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079096.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078931.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5623V-12.2.0-12.2.36", "P-5624V-12.2.0-12.2.36" ], "url": "https://support.oracle.com/rs?type=doc&id=3078527.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-19.0.6", "P-11513V-22.0.2", "P-11513V-24.0.1", "P-1838V-16.0.3.16", "P-11513V-23.0.2", "P-11554V-19.1", "P-11513V-21.0.4", "P-11513V-20.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3077277.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10605V-21.12.0-21.12.15", "P-10605V-20.12.0-20.12.17" ], "url": "https://support.oracle.com/rs?type=doc&id=3078091.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11607V-23.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3078677.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-9456V-23.2", "P-9456V-23.1", "P-9456V-23.4", "P-9456V-23.3" ] }, { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-2245V-4.5.0.1.3", "P-2245V-4.5.0.1.1", "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5680V-8.0.8.6", "P-2267V-6.3.1", "P-14547V-24.1.0", "P-2270V-7.4.0", "P-13676V-22.1.0.0.0", "P-14547V-24.3.0", "P-2270V-7.4.1", "P-4516V-7.5.0", "P-4516V-7.5.1", "P-5624V-12.2.0-12.2.36", "P-1162V-14.1.2.0.0", "P-11513V-20.0.5", "P-14277V-24.2.0-24.2.4", "P-14121V-24.2.0-24.2.2", "P-1330(Services Tools Bundle)V-19.1-19.4", "P-8496V-8.1.0.26.0", "P-5308V-12.2.1.4.0", "P-1330(Services Tools Bundle)V-22.2", "P-11554V-19.1", "P-4436V-6.2.1", "P-4781V-9.2.0.0-9.2.9.2", "P-14118V-24.2.3", "P-12605V-22.1.0.0.0", "P-11513V-22.0.2", "P-1215V-12.2.1.4.0", "P-5680V-8.1.2.5", "P-1330(Diagnostic Assistant)V-2.11.0-2.12.46", "P-1330(Services Tools Bundle)V-24.1-24.4", "P-10605V-20.12.0-20.12.17", "P-14597V-6.0-6.1", "P-1330(Services Tools Bundle)V-20.1-20.4", "P-1330(Services Tools Bundle)V-23.1-23.4", "P-5623V-12.2.0-12.2.36", "P-11513V-21.0.4", "P-1870V-22.1.1.1.0-22.1.1.30.0", "P-4392V-11.2.19.0.000", "P-14547V-24.2.0", "P-2270V-7.5.0", "P-4516V-7.4.1", "P-4516V-7.4.2", "P-14123V-24.2.3", "P-13676V-21.1.0.0.0", "P-14276V-8.1.2.7.0", "P-13676V-22.2.0.0.0", "P-11607V-23.2.1", "P-1330(Services Tools Bundle)V-18.1-18.4", "P-11513V-24.0.1", "P-1330(Services Tools Bundle)V-25.1", "P-9437V-15.0.0.0.0", "P-1838V-16.0.3.16", "P-11513V-23.0.2", "P-5746V-14.1.1.0.0", "P-2136(Security)V-12.0.0.4.0-12.0.0.8.0", "P-14250V-24.2.2", "P-11513V-19.0.6", "P-2136(Security)V-15.0.0.0.0-15.0.1.0.0", "P-12605V-21.1.0.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0", "P-10899V-9.0.0.0", "P-10605V-21.12.0-21.12.15", "P-10900V-15.0.0.0.0", "P-1330(Services Tools Bundle)V-8.00-8.18", "P-9437V-15.0.1.0.0", "P-1675V-14.1.2.0.0", "P-5680V-8.0.7.8", "P-12605V-22.2.0.0.0", "P-5680V-8.1.1.4", "P-1162V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-23.4.3", "P-13373V-1.5.0", "P-14069V-24.3.0", "P-13373V-1.6.0", "P-13373V-1.6.1", "P-1875V-24.3.1.347.1826" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-23.4.3", "P-13373V-1.5.0", "P-14069V-24.3.0", "P-13373V-1.6.0", "P-13373V-1.6.1", "P-1875V-24.3.1.347.1826", "P-9456V-23.2", "P-9456V-23.1", "P-9456V-23.4", "P-9456V-23.3" ] } ] }, { "cve": "CVE-2024-47561", "ids": [ { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "37455077" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "37379253" }, { "system_name": "Oracle Bug ID of GoldenGate Stream Analytics", "text": "37379258" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Rest Converters (Apache Avro)). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in takeover of Oracle SOA Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: Stream Analytics (Apache Avro)). Supported versions that are affected are 19.1.0.0.0-19.1.0.0.10. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the GoldenGate Stream Analytics executes to compromise GoldenGate Stream Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of GoldenGate Stream Analytics accessible data as well as unauthorized read access to a subset of GoldenGate Stream Analytics accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of GoldenGate Stream Analytics. CVSS 3.1 Base Score 3.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Composer, Third Party (Apache Avro)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1162V-14.1.2.0.0", "P-14015V-19.1.0.0.0-19.1.0.0.10", "P-5325V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-12.2.1.4.0", "P-1162V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.10" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1162V-14.1.2.0.0" ] }, { "cvss_v3": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.10" ] }, { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-5325V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-47596", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37394176" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-47597", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37394176" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-47606", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37394176" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-47775", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37394176" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-47776", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37394176" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-47777", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37394176" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-47778", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37394176" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-49767", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "37328104" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "37455230" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (Werkzeug)). Supported versions that are affected are 24.2.0 and 24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Automated Test Suite Framework (Werkzeug)). Supported versions that are affected are 24.1.0-24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-24.2.0", "P-14117V-24.3.0", "P-14547V-24.1.0-24.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-24.2.0", "P-14117V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079192.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-24.1.0-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079231.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14117V-24.2.0", "P-14117V-24.3.0", "P-14547V-24.1.0-24.3.0" ] } ] }, { "cve": "CVE-2024-49771", "ids": [ { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "37338436" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (MPXJ)). Supported versions that are affected are 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.15, 23.12.0-23.12.13 and 24.12.0-24.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.15", "P-10354V-23.12.0-23.12.13", "P-10354V-24.12.0-24.12.3", "P-10354V-21.12.0-21.12.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.15", "P-10354V-23.12.0-23.12.13", "P-10354V-24.12.0-24.12.3", "P-10354V-21.12.0-21.12.17" ], "url": "https://support.oracle.com/rs?type=doc&id=3078091.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.15", "P-10354V-23.12.0-23.12.13", "P-10354V-24.12.0-24.12.3", "P-10354V-21.12.0-21.12.17" ] } ] }, { "cve": "CVE-2024-50379", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14277V-24.2.1-24.2.4" ] }, { "date": "2025-04-15T13:00:00-07:00", "label": "inline_mitigations_already_exist", "product_ids": [ "P-14121V-24.2.0-24.2.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37748557" }, { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37440930" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "37440931" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "37440942" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "37440962" }, { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "37440933" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37440944" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in takeover of Oracle Managed File Transfer. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Tomcat)). The supported version that is affected is 24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in takeover of Management Cloud Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Document Management (Apache Tomcat)). The supported version that is affected is 6.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in takeover of Oracle Agile Engineering Data Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Automated Test Suite (Apache Tomcat)). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Data Analytics Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Tomcat)). The supported version that is affected is 8.1.2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Alarms, KPI, and Measurements (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14276V-8.1.2.7.0", "P-14252V-24.3.0", "P-4436V-6.2.1", "P-10198V-12.2.1.4.0", "P-14489V-24.2.0" ], "known_not_affected": [ "P-14121V-24.2.0-24.2.2", "P-14277V-24.2.1-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079189.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3078833.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079218.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.1-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078931.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14276V-8.1.2.7.0", "P-10198V-12.2.1.4.0", "P-14252V-24.3.0", "P-4436V-6.2.1", "P-14489V-24.2.0" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14121V-24.2.0-24.2.2", "P-14277V-24.2.1-24.2.4" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14277V-24.2.1-24.2.4" ] }, { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability.", "product_ids": [ "P-14121V-24.2.0-24.2.2" ] } ] }, { "cve": "CVE-2024-50602", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications User Data Repository", "text": "37414529" }, { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "37414561" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37414530" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "37414520" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "37414545" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "37414525" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (LibExpat)). Supported versions that are affected are 24.2.0 and 25.1.100. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Configuration (LibExpat)). Supported versions that are affected are 24.1.0-24.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (LibExpat)). Supported versions that are affected are 14.0.0, 15.0.0 and 15.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications User Data Repository. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (LibExpat)). Supported versions that are affected are 6.0-6.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Mod_Security (LibExpat)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (LibExpat)). The supported version that is affected is 8.5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-24.2.0", "P-14547V-24.1.0-24.3.0", "P-1042(Mod_Security)V-12.2.1.4.0", "P-14597V-6.0-6.1", "P-1042(Mod_Security)V-14.1.2.0.0", "P-11108V-14.0.0", "P-11108V-15.0.0", "P-2276V-8.5.7", "P-14117V-25.1.100", "P-11108V-15.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-24.2.0", "P-14117V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=3079192.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-24.1.0-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079231.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11108V-14.0.0", "P-11108V-15.0.0", "P-11108V-15.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3079130.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Mod_Security)V-12.2.1.4.0", "P-1042(Mod_Security)V-14.1.2.0.0", "P-2276V-8.5.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14117V-24.2.0", "P-14547V-24.1.0-24.3.0", "P-1042(Mod_Security)V-12.2.1.4.0", "P-14597V-6.0-6.1", "P-1042(Mod_Security)V-14.1.2.0.0", "P-11108V-14.0.0", "P-11108V-15.0.0", "P-2276V-8.5.7", "P-14117V-25.1.100", "P-11108V-15.0.1" ] } ] }, { "cve": "CVE-2024-52046", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Network Integrity", "text": "37444781" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "37444776" }, { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37444775" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "37538396" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37444785" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "37444769" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37359601" }, { "system_name": "Oracle Bug ID of Oracle Access Manager", "text": "37444780" }, { "system_name": "Oracle Bug ID of OSS Support Tools", "text": "37449262" }, { "system_name": "Oracle Bug ID of OSS Support Tools", "text": "37444804" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (Apache Mina)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in takeover of Oracle Managed File Transfer. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Runtime Engine (Apache Mina)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in takeover of Oracle Business Process Management Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Apache Mina)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Mina SSHD)). The supported version that is affected is 24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in takeover of Management Cloud Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen (Apache Mina)). Supported versions that are affected are 13.5.0.0.0 and 24.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant (Apache Mina)). Supported versions that are affected are 2.11.0-2.12.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Services Tools Bundle (Apache Mina)). Supported versions that are affected are 8.00-8.18, 18.1-18.4, 19.1-19.4, 20.1-20.4, 22.2, 23.1-23.4, 24.1-24.4 and 25.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Mina)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Integrity product of Oracle Communications Applications (component: FileTransferJCA, VPLS Cartridge, TL1 Cartridge (Apache Mina)). Supported versions that are affected are 7.3.6, 7.4.0 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Integrity. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Integrity. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Proxy (Apache Mina)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0", "P-5325V-14.1.2.0.0", "P-10198V-14.1.2.0.0", "P-1370V-13.5.0.0.0", "P-5325V-12.2.1.4.0", "P-1330(Diagnostic Assistant)V-2.11.0-2.12.46", "P-1370V-24.1.0.0.0", "P-4491V-7.4.0", "P-1330(Services Tools Bundle)V-19.1-19.4", "P-4491V-7.5.0", "P-1330(Services Tools Bundle)V-18.1-18.4", "P-1330(Services Tools Bundle)V-24.1-24.4", "P-10198V-12.2.1.4.0", "P-1330(Services Tools Bundle)V-8.00-8.18", "P-1330(Services Tools Bundle)V-25.1", "P-14597V-6.0-6.1", "P-4491V-7.3.6", "P-14252V-24.3.0", "P-1330(Services Tools Bundle)V-20.1-20.4", "P-1330(Services Tools Bundle)V-22.2", "P-1330(Services Tools Bundle)V-23.1-23.4", "P-5565V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-14.1.2.0.0", "P-10198V-14.1.2.0.0", "P-10198V-12.2.1.4.0", "P-5325V-12.2.1.4.0", "P-5565V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079189.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-24.1.0.0.0", "P-1370V-13.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070733.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1330(Diagnostic Assistant)V-2.11.0-2.12.46", "P-1330(Services Tools Bundle)V-19.1-19.4", "P-1330(Services Tools Bundle)V-18.1-18.4", "P-1330(Services Tools Bundle)V-24.1-24.4", "P-1330(Services Tools Bundle)V-8.00-8.18", "P-1330(Services Tools Bundle)V-25.1", "P-1330(Services Tools Bundle)V-20.1-20.4", "P-1330(Services Tools Bundle)V-22.2", "P-1330(Services Tools Bundle)V-23.1-23.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078859.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4491V-7.4.0", "P-4491V-7.5.0", "P-4491V-7.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3077281.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-5325V-14.1.2.0.0", "P-10198V-14.1.2.0.0", "P-1370V-13.5.0.0.0", "P-5325V-12.2.1.4.0", "P-1330(Diagnostic Assistant)V-2.11.0-2.12.46", "P-1370V-24.1.0.0.0", "P-4491V-7.4.0", "P-1330(Services Tools Bundle)V-19.1-19.4", "P-4491V-7.5.0", "P-1330(Services Tools Bundle)V-18.1-18.4", "P-1330(Services Tools Bundle)V-24.1-24.4", "P-10198V-12.2.1.4.0", "P-1330(Services Tools Bundle)V-8.00-8.18", "P-1330(Services Tools Bundle)V-25.1", "P-14597V-6.0-6.1", "P-4491V-7.3.6", "P-14252V-24.3.0", "P-1330(Services Tools Bundle)V-20.1-20.4", "P-1330(Services Tools Bundle)V-22.2", "P-1330(Services Tools Bundle)V-23.1-23.4", "P-5565V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-5206", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Compliance Studio", "text": "37378760" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Reports (scikit-learn)). The supported version that is affected is 8.1.2.9. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Compliance Studio executes to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Compliance Studio accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14392V-8.1.2.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14392V-8.1.2.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3078903.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14392V-8.1.2.9" ] } ] }, { "cve": "CVE-2024-52303", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "37492400" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "37492403" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Automated Test Suite (AIOHTTP)). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Data Analytics Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (AIOHTTP)). The supported version that is affected is 5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-5.2", "P-14489V-24.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079218.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3080353.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10761V-5.2", "P-14489V-24.2.0" ] } ] }, { "cve": "CVE-2024-52316", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hospitality Cruise Shipboard Property Management System", "text": "37348232" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: Next-Gen SPMS (Apache Tomcat)). The supported version that is affected is 23.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11607V-23.2.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11607V-23.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3078677.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-11607V-23.2.1" ] } ] }, { "cve": "CVE-2024-52317", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hospitality Cruise Shipboard Property Management System", "text": "37348232" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: Next-Gen SPMS (Apache Tomcat)). The supported version that is affected is 23.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11607V-23.2.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11607V-23.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3078677.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-11607V-23.2.1" ] } ] }, { "cve": "CVE-2024-53122", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "37522494" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager (Python)). The supported version that is affected is 15.0.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2136(Connection Manager)V-15.0.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136(Connection Manager)V-15.0.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077261.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2136(Connection Manager)V-15.0.1.0.0" ] } ] }, { "cve": "CVE-2024-53382", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-1348V-24.1.10", "P-1348V-24.2.4", "P-1348V-23.2.16" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Express", "text": "37697085" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Application Express (component: General (PrismJS)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1348V-24.1.10", "P-1348V-24.2.4", "P-1348V-23.2.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1348V-24.1.10", "P-1348V-24.2.4", "P-1348V-23.2.16" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1348V-24.1.10", "P-1348V-24.2.4", "P-1348V-23.2.16" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-1348V-24.1.10", "P-1348V-24.2.4", "P-1348V-23.2.16" ] } ] }, { "cve": "CVE-2024-54479", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-54502", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-54505", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-54508", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-54534", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-54543", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2024-54677", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14277V-24.2.1-24.2.4" ] }, { "date": "2025-04-15T13:00:00-07:00", "label": "inline_mitigations_already_exist", "product_ids": [ "P-14121V-24.2.0-24.2.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37748557" }, { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37440930" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "37440942" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "37440931" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "37440962" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37440944" }, { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "37440933" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Automated Test Suite (Apache Tomcat)). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Data Analytics Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Tomcat)). The supported version that is affected is 24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in takeover of Management Cloud Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Document Management (Apache Tomcat)). The supported version that is affected is 6.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in takeover of Oracle Agile Engineering Data Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in takeover of Oracle Managed File Transfer. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Alarms, KPI, and Measurements (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Tomcat)). The supported version that is affected is 8.1.2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14276V-8.1.2.7.0", "P-14252V-24.3.0", "P-4436V-6.2.1", "P-10198V-12.2.1.4.0", "P-14489V-24.2.0" ], "known_not_affected": [ "P-14121V-24.2.0-24.2.2", "P-14277V-24.2.1-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079218.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.1-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079189.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3078833.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078931.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14276V-8.1.2.7.0", "P-10198V-12.2.1.4.0", "P-14252V-24.3.0", "P-4436V-6.2.1", "P-14489V-24.2.0" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14121V-24.2.0-24.2.2", "P-14277V-24.2.1-24.2.4" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14277V-24.2.1-24.2.4" ] }, { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability.", "product_ids": [ "P-14121V-24.2.0-24.2.2" ] } ] }, { "cve": "CVE-2024-5535", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Communications Broker", "text": "37756357" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "37044717" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "37044687" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications (component: Routing (OpenSSL)). Supported versions that are affected are 4.1.0 and 4.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (OpenSSL)). Supported versions that are affected are 9.2.0, 9.3.0 and 10.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10750V-10.0.0", "P-10758V-4.2.0", "P-10758V-4.1.0", "P-10750V-9.2.0", "P-4781V-9.2.0.0-9.2.9.2", "P-10750V-9.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10758V-4.2.0", "P-10758V-4.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079302.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.0.0", "P-10750V-9.2.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079324.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078792.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-10750V-10.0.0", "P-10758V-4.2.0", "P-10758V-4.1.0", "P-10750V-9.2.0", "P-4781V-9.2.0.0-9.2.9.2", "P-10750V-9.3.0" ] } ] }, { "cve": "CVE-2024-56128", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "37717112" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "37716995" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "37717005" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "37717107" }, { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "37717099" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM Authentication (Apache Kafka)). Supported versions that are affected are 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking APIs accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: User Interface (Apache Kafka)). Supported versions that are affected are 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Digital Experience accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Platform (Apache Kafka)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0, 15.0.0.0.0 and 15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Security (Apache Kafka)). Supported versions that are affected are 24.1.0-24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Network Analytics Data Director accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Apache Kafka)). Supported versions that are affected are 7.5.1, 7.6.0 and 7.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13676V-22.2.0.0.0", "P-2136(Platform)V-12.0.0.4.0-12.0.0.8.0", "P-12605V-22.1.0.0.0", "P-4516V-7.7.0", "P-14547V-24.1.0-24.3.0", "P-13676V-22.1.0.0.0", "P-2136(Platform)V-15.0.1.0.0", "P-4516V-7.5.1", "P-4516V-7.6.0", "P-2136(Platform)V-15.0.0.0.0", "P-12605V-22.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-22.2.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136(Platform)V-12.0.0.4.0-12.0.0.8.0", "P-2136(Platform)V-15.0.1.0.0", "P-2136(Platform)V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077261.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-24.1.0-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079231.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.7.0", "P-4516V-7.5.1", "P-4516V-7.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077278.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-13676V-22.2.0.0.0", "P-2136(Platform)V-12.0.0.4.0-12.0.0.8.0", "P-12605V-22.1.0.0.0", "P-4516V-7.7.0", "P-14547V-24.1.0-24.3.0", "P-13676V-22.1.0.0.0", "P-2136(Platform)V-15.0.1.0.0", "P-4516V-7.5.1", "P-4516V-7.6.0", "P-2136(Platform)V-15.0.0.0.0", "P-12605V-22.2.0.0.0" ] } ] }, { "cve": "CVE-2024-56171", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core DBTier", "text": "37806195" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (libxml2)). The supported version that is affected is 24.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core DBTier executes to compromise Oracle Communications Cloud Native Core DBTier. While the vulnerability is in Oracle Communications Cloud Native Core DBTier, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core DBTier accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core DBTier accessible data. CVSS 3.1 Base Score 7.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14974V-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14974V-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079219.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14974V-24.2.4" ] } ] }, { "cve": "CVE-2024-56201", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37748748" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "37454722" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37748742" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Jinja)). The supported version that is affected is 24.2.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Jinja)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Alarms, KPI, and Measurements (Jinja)). Supported versions that are affected are 24.2.0-24.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-24.2.0-24.2.2", "P-14125V-24.2.5", "P-14277V-24.2.0-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-24.2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3079223.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-24.2.0-24.2.2", "P-14125V-24.2.5", "P-14277V-24.2.0-24.2.4" ] } ] }, { "cve": "CVE-2024-56326", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37748748" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "37454722" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37748742" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Jinja)). The supported version that is affected is 24.2.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Jinja)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Alarms, KPI, and Measurements (Jinja)). Supported versions that are affected are 24.2.0-24.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-24.2.0-24.2.2", "P-14125V-24.2.5", "P-14277V-24.2.0-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-24.2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3079223.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-24.2.0-24.2.2", "P-14125V-24.2.5", "P-14277V-24.2.0-24.2.4" ] } ] }, { "cve": "CVE-2024-56337", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14277V-24.2.1-24.2.4" ] }, { "date": "2025-04-15T13:00:00-07:00", "label": "inline_mitigations_already_exist", "product_ids": [ "P-14121V-24.2.0-24.2.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37748557" }, { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37440930" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "37440931" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "37440942" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "37440962" }, { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "37440933" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37440944" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Tomcat)). The supported version that is affected is 24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in takeover of Management Cloud Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Document Management (Apache Tomcat)). The supported version that is affected is 6.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in takeover of Oracle Agile Engineering Data Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Automated Test Suite (Apache Tomcat)). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Data Analytics Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Tomcat)). The supported version that is affected is 8.1.2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Alarms, KPI, and Measurements (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in takeover of Oracle Managed File Transfer. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14276V-8.1.2.7.0", "P-14252V-24.3.0", "P-4436V-6.2.1", "P-10198V-12.2.1.4.0", "P-14489V-24.2.0" ], "known_not_affected": [ "P-14121V-24.2.0-24.2.2", "P-14277V-24.2.1-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079189.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3078833.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-24.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079218.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.1-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078931.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14276V-8.1.2.7.0", "P-10198V-12.2.1.4.0", "P-14252V-24.3.0", "P-4436V-6.2.1", "P-14489V-24.2.0" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14121V-24.2.0-24.2.2", "P-14277V-24.2.1-24.2.4" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14277V-24.2.1-24.2.4" ] }, { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability.", "product_ids": [ "P-14121V-24.2.0-24.2.2" ] } ] }, { "cve": "CVE-2024-57699", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14634V-25.2.0", "P-14634V-25.1.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "37680952" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "37680953" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "37680920" }, { "system_name": "Oracle Bug ID of Autonomous Health Framework", "text": "37680965" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "37680962" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37680951" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "37680927" }, { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "37680908" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "37693222" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "37680957" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37680946" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "37692891" }, { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "37680958" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "37693226" }, { "system_name": "Oracle Bug ID of Oracle Policy Automation", "text": "37692953" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (json-smart)). Supported versions that are affected are 20.12.0-20.12.17 and 21.12.0-21.12.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Policy Automation (component: Determinations Engine (json-smart)). Supported versions that are affected are 12.2.0-12.2.36. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Policy Automation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (json-smart)). Supported versions that are affected are 8.1.2.5, 8.1.1.4, 8.0.8.6 and 8.0.7.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Autonomous Health Framework product of Oracle Autonomous Health Framework (component: Trace File Analyzer (json-smart)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (json-smart)). Supported versions that are affected are 7.5.1, 7.6.0 and 7.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (json-smart)). The supported version that is affected is 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Automated Test Suite Framework (json-smart)). Supported versions that are affected are 24.1.0-24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (json-smart)). Supported versions that are affected are 24.2.3 and 25.1.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (json-smart)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (json-smart)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (json-smart)). Supported versions that are affected are 24.2.0-24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: User Interface (json-smart)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM Authentication (json-smart)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (json-smart)). Supported versions that are affected are 21.12.0-21.12.17, 22.12.0-22.12.15, 23.12.0-23.12.13 and 24.12.0-24.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (json-smart)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.0.8.6", "P-4516V-7.7.0", "P-2270V-7.5.0", "P-13676V-22.1.0.0.0", "P-4516V-7.5.1", "P-4516V-7.6.0", "P-5624V-12.2.0-12.2.36", "P-14123V-24.2.3", "P-14277V-24.2.0-24.2.4", "P-13676V-21.1.0.0.0", "P-14121V-24.2.0-24.2.2", "P-13676V-22.2.0.0.0", "P-14117V-24.2.3", "P-4622V-13.3.0.1", "P-12605V-22.1.0.0.0", "P-10354V-24.12.0-24.12.3", "P-12605V-21.1.0.0.0", "P-14117V-25.1.100", "P-5680V-8.1.2.5", "P-10354V-22.12.0-22.12.15", "P-10354V-23.12.0-23.12.13", "P-10605V-21.12.0-21.12.15", "P-10605V-20.12.0-20.12.17", "P-14547V-24.1.0-24.3.0", "P-10354V-21.12.0-21.12.17", "P-5680V-8.0.7.8", "P-5680V-8.1.1.4", "P-12605V-22.2.0.0.0" ], "known_not_affected": [ "P-14634V-25.2.0", "P-14634V-25.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-22.12.0-22.12.15", "P-10354V-23.12.0-23.12.13", "P-10354V-24.12.0-24.12.3", "P-10605V-21.12.0-21.12.15", "P-10605V-20.12.0-20.12.17", "P-10354V-21.12.0-21.12.17" ], "url": "https://support.oracle.com/rs?type=doc&id=3078091.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5624V-12.2.0-12.2.36" ], "url": "https://support.oracle.com/rs?type=doc&id=3078527.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.8.6", "P-5680V-8.0.7.8", "P-5680V-8.1.1.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079096.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-25.2.0", "P-14634V-25.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.7.0", "P-4516V-7.5.1", "P-4516V-7.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077278.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-7.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077292.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-24.1.0-24.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079231.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-24.2.3", "P-14117V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=3079192.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079228.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3070733.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5680V-8.0.8.6", "P-4516V-7.7.0", "P-2270V-7.5.0", "P-13676V-22.1.0.0.0", "P-4516V-7.5.1", "P-4516V-7.6.0", "P-5624V-12.2.0-12.2.36", "P-14123V-24.2.3", "P-14277V-24.2.0-24.2.4", "P-13676V-21.1.0.0.0", "P-14121V-24.2.0-24.2.2", "P-13676V-22.2.0.0.0", "P-14117V-24.2.3", "P-4622V-13.3.0.1", "P-12605V-22.1.0.0.0", "P-10354V-24.12.0-24.12.3", "P-12605V-21.1.0.0.0", "P-14117V-25.1.100", "P-5680V-8.1.2.5", "P-10354V-22.12.0-22.12.15", "P-10354V-23.12.0-23.12.13", "P-10605V-21.12.0-21.12.15", "P-10605V-20.12.0-20.12.17", "P-14547V-24.1.0-24.3.0", "P-10354V-21.12.0-21.12.17", "P-5680V-8.0.7.8", "P-5680V-8.1.1.4", "P-12605V-22.2.0.0.0" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-25.2.0", "P-14634V-25.1.0" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14634V-25.2.0", "P-14634V-25.1.0" ] } ] }, { "cve": "CVE-2024-6119", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8478(Shell General / Core Client)V-8.0.32-8.0.41", "P-8478(Shell General / Core Client)V-8.4.0-8.4.4", "P-8478(Shell General / Core Client)V-9.0.0-9.2.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Communications Broker", "text": "37756357" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "37044717" }, { "system_name": "Oracle Bug ID of MySQL Shell", "text": "37453576" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "37044687" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications (component: Routing (OpenSSL)). Supported versions that are affected are 4.1.0 and 4.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Shell product of Oracle MySQL (component: Shell General / Core Client (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (OpenSSL)). Supported versions that are affected are 9.2.0, 9.3.0 and 10.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10750V-10.0.0", "P-10758V-4.2.0", "P-10758V-4.1.0", "P-4781V-9.2.0.0-9.2.9.2", "P-10750V-9.2.0", "P-10750V-9.3.0" ], "known_not_affected": [ "P-8478(Shell General / Core Client)V-8.0.32-8.0.41", "P-8478(Shell General / Core Client)V-8.4.0-8.4.4", "P-8478(Shell General / Core Client)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078792.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10758V-4.2.0", "P-10758V-4.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079302.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Shell General / Core Client)V-8.0.32-8.0.41", "P-8478(Shell General / Core Client)V-8.4.0-8.4.4", "P-8478(Shell General / Core Client)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.0.0", "P-10750V-9.2.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079324.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-10750V-10.0.0", "P-10758V-4.2.0", "P-10758V-4.1.0", "P-4781V-9.2.0.0-9.2.9.2", "P-10750V-9.2.0", "P-10750V-9.3.0" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-8478(Shell General / Core Client)V-8.0.32-8.0.41", "P-8478(Shell General / Core Client)V-8.4.0-8.4.4", "P-8478(Shell General / Core Client)V-9.0.0-9.2.0" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8478(Shell General / Core Client)V-8.0.32-8.0.41", "P-8478(Shell General / Core Client)V-8.4.0-8.4.4", "P-8478(Shell General / Core Client)V-9.0.0-9.2.0" ] } ] }, { "cve": "CVE-2024-6763", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.17" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "37664999" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "37664998" }, { "system_name": "Oracle Bug ID of Graph Server and Client", "text": "37665059" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37297119" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Eclipse Jetty)). Supported versions that are affected are 9.0.0, 9.0.1, 9.0.2 and 9.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (Eclipse Jetty) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Security (Eclipse Jetty)). Supported versions that are affected are 9.0.0, 9.0.1, 9.0.2 and 9.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Graph Server and Client product of Oracle Graph Server and Client (component: Install (Eclipse Jetty)). Supported versions that are affected are 23.4.4 and 24.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Graph Server and Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Graph Server and Client accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14069V-23.4.4", "P-14069V-24.4.0", "P-10770V-9.0.3", "P-10770V-9.0.2", "P-11052V-9.0.1", "P-10770V-9.0.1", "P-11052V-9.0.0", "P-10770V-9.0.0", "P-11052V-9.0.3", "P-11052V-9.0.2" ], "known_not_affected": [ "P-5(Oracle Database Workload Manager)V-21.3-21.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.1", "P-11052V-9.0.0", "P-11052V-9.0.3", "P-11052V-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079195.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-23.4.4", "P-14069V-24.4.0", "P-5(Oracle Database Workload Manager)V-21.3-21.17" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.3", "P-10770V-9.0.2", "P-10770V-9.0.1", "P-10770V-9.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079216.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-14069V-23.4.4", "P-14069V-24.4.0", "P-10770V-9.0.3", "P-10770V-9.0.2", "P-11052V-9.0.1", "P-10770V-9.0.1", "P-11052V-9.0.0", "P-10770V-9.0.0", "P-11052V-9.0.3", "P-11052V-9.0.2" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Workload Manager)V-21.3-21.17" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.17" ] } ] }, { "cve": "CVE-2024-7254", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "37599167" }, { "system_name": "Oracle Bug ID of Oracle Fusion Middleware MapViewer", "text": "37599232" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37599146" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "37355591" }, { "system_name": "Oracle Bug ID of Oracle Communications User Data Repository", "text": "37599168" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "37599259" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37599150" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "37599154" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Google Protobuf-Java)). Supported versions that are affected are 24.2.0-24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J (Google Protobuf-Java)). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (Google Protobuf-Java)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Google Protobuf-Java)). Supported versions that are affected are 24.2.2 and 24.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Google Protobuf-Java)). Supported versions that are affected are 7.4.0-7.4.2 and 7.5.0-7.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Security (Google Protobuf-Java)). Supported versions that are affected are 15.0.0, 15.0.1 and 15.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications User Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Install (Google Protobuf-Java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Fusion Middleware MapViewer. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Google Protobuf-Java)). Supported versions that are affected are 20.12.0-20.12.17 and 21.12.0-21.12.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1215V-12.2.1.4.0", "P-14123V-24.3.0", "P-14123V-24.2.2", "P-14121V-24.2.0-24.2.2", "P-8576(Connector/J)V-9.0.0-9.1.0", "P-10605V-21.12.0-21.12.15", "P-10605V-20.12.0-20.12.17", "P-4516V-7.4.0-7.4.2", "P-11108V-15.0.0", "P-14118V-24.2.3", "P-11108V-15.0.2", "P-11108V-15.0.1", "P-4516V-7.5.0-7.5.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8576(Connector/J)V-9.0.0-9.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-24.3.0", "P-14123V-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079228.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0-7.5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077278.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11108V-15.0.0", "P-11108V-15.0.2", "P-11108V-15.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3079130.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1215V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10605V-21.12.0-21.12.15", "P-10605V-20.12.0-20.12.17" ], "url": "https://support.oracle.com/rs?type=doc&id=3078091.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1215V-12.2.1.4.0", "P-14123V-24.3.0", "P-14123V-24.2.2", "P-14121V-24.2.0-24.2.2", "P-8576(Connector/J)V-9.0.0-9.1.0", "P-10605V-21.12.0-21.12.15", "P-10605V-20.12.0-20.12.17", "P-4516V-7.4.0-7.4.2", "P-11108V-15.0.0", "P-14118V-24.2.3", "P-11108V-15.0.2", "P-11108V-15.0.1", "P-4516V-7.5.0-7.5.1" ] } ] }, { "cve": "CVE-2024-7264", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37363019" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (curl)). The supported version that is affected is 7.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.6.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.6.0.0.0" ] } ] }, { "cve": "CVE-2024-8176", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Perl)V-21.3-21.17", "P-5(Perl)V-23.4-23.7", "P-5(Perl)V-19.3-19.26" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37740851" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Perl (Libexpat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Perl)V-21.3-21.17", "P-5(Perl)V-23.4-23.7", "P-5(Perl)V-19.3-19.26" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Perl)V-21.3-21.17", "P-5(Perl)V-23.4-23.7", "P-5(Perl)V-19.3-19.26" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Perl)V-21.3-21.17", "P-5(Perl)V-23.4-23.7", "P-5(Perl)V-19.3-19.26" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Perl)V-21.3-21.17", "P-5(Perl)V-23.4-23.7", "P-5(Perl)V-19.3-19.26" ] } ] }, { "cve": "CVE-2024-8184", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.17" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37297119" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (Eclipse Jetty) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Oracle Database Workload Manager)V-21.3-21.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.17" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Workload Manager)V-21.3-21.17" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.17" ] } ] }, { "cve": "CVE-2024-8775", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "37335566" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (Ansible)). Supported versions that are affected are 17.0-24.12. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM Cloud Applications accessible data as well as unauthorized access to critical data or complete access to all Siebel CRM Cloud Applications accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-24.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-24.12" ], "url": "https://support.oracle.com/rs?type=doc&id=3078812.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "P-14107V-17.0-24.12" ] } ] }, { "cve": "CVE-2024-9143", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "37331282" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "37618845" }, { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "37618848" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "37618847" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "37618844" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "37618843" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37280166" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "37618873" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37618872" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 9.0.0-9.2.0. Easily exploitable vulnerability allows physical access to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 9.0.0-9.2.0. Easily exploitable vulnerability allows physical access to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Mod_Security (OpenSSL)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: FNDN (OpenSSL)). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows physical access to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Backup accessible data as well as unauthorized read access to a subset of MySQL Enterprise Backup accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Backup. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Database (OpenSSL) component of Oracle Database Server. Supported versions that are affected are 23.4-23.7. Easily exploitable vulnerability allows physical access to compromise Oracle Database (OpenSSL). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database (OpenSSL) accessible data as well as unauthorized read access to a subset of Oracle Database (OpenSSL) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database (OpenSSL). CVSS 3.1 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows physical access to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.41. Easily exploitable vulnerability allows physical access to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Workbench accessible data as well as unauthorized read access to a subset of MySQL Workbench accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Workbench. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Web Platform (OpenSSL)). The supported version that is affected is 21.7.1.0.0. Easily exploitable vulnerability allows physical access to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Essbase accessible data as well as unauthorized read access to a subset of Oracle Essbase accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Essbase. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.4.0-8.4.4", "P-8478(Server: Packaging)V-9.0.0-9.2.0", "P-2025V-12.2.1.4.0", "P-4379V-21.7.1.0.0", "P-1042(Mod_Security)V-14.1.2.0.0", "P-2025V-7.6.0.0.0", "P-8576(Connector/ODBC)V-9.0.0-9.2.0", "P-4629V-9.0.0-9.2.0", "P-5(Oracle Database)V-23.4-23.7", "P-8576(Connector/C++)V-9.0.0-9.2.0", "P-4627V-8.0.0-8.0.41", "P-1042(Mod_Security)V-12.2.1.4.0", "P-8478(Server: Packaging)V-8.4.0-8.4.4", "P-4629V-8.0.0-8.0.41", "P-8478(Server: Packaging)V-8.0.0-8.0.41" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.4.0-8.4.4", "P-8478(Server: Packaging)V-9.0.0-9.2.0", "P-4627V-8.0.0-8.0.41", "P-8576(Connector/ODBC)V-9.0.0-9.2.0", "P-4629V-9.0.0-9.2.0", "P-8478(Server: Packaging)V-8.4.0-8.4.4", "P-8576(Connector/C++)V-9.0.0-9.2.0", "P-4629V-8.0.0-8.0.41", "P-8478(Server: Packaging)V-8.0.0-8.0.41" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Mod_Security)V-12.2.1.4.0", "P-1042(Mod_Security)V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.6.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.7.1.0.0", "P-5(Oracle Database)V-23.4-23.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-4629V-8.4.0-8.4.4", "P-8478(Server: Packaging)V-9.0.0-9.2.0", "P-4627V-8.0.0-8.0.41", "P-4379V-21.7.1.0.0", "P-8576(Connector/ODBC)V-9.0.0-9.2.0", "P-4629V-9.0.0-9.2.0", "P-8478(Server: Packaging)V-8.4.0-8.4.4", "P-8576(Connector/C++)V-9.0.0-9.2.0", "P-4629V-8.0.0-8.0.41", "P-8478(Server: Packaging)V-8.0.0-8.0.41" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-1042(Mod_Security)V-12.2.1.4.0", "P-1042(Mod_Security)V-14.1.2.0.0", "P-2025V-7.6.0.0.0" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-5(Oracle Database)V-23.4-23.7" ] } ] }, { "cve": "CVE-2024-9681", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "37389592" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Mod_Security (curl)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042(Mod_Security)V-12.2.1.4.0", "P-1042(Mod_Security)V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Mod_Security)V-12.2.1.4.0", "P-1042(Mod_Security)V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-1042(Mod_Security)V-12.2.1.4.0", "P-1042(Mod_Security)V-14.1.2.0.0" ] } ] }, { "cve": "CVE-2024-9902", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "37335566" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (Ansible)). Supported versions that are affected are 17.0-24.12. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM Cloud Applications accessible data as well as unauthorized access to critical data or complete access to all Siebel CRM Cloud Applications accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-24.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-24.12" ], "url": "https://support.oracle.com/rs?type=doc&id=3078812.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "P-14107V-17.0-24.12" ] } ] }, { "cve": "CVE-2025-1974", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "37765008" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Ingress NGINX Controller)). The supported version that is affected is 24.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-24.2.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-24.2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3079223.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14125V-24.2.5" ] } ] }, { "cve": "CVE-2025-21502", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "37784207" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Element Manager product of Oracle Communications (component: Oracle Java SE). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-11052V-9.0.0-9.0.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079195.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-11052V-9.0.0-9.0.3" ] } ] }, { "cve": "CVE-2025-21573", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "37330682" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5322V-5.1.0.0.0", "P-5322V-6.1.0.0.0", "P-5322V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322V-6.1.0.0.0", "P-5322V-7.0.0.0.0", "P-5322V-5.1.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077979.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "P-5322V-6.1.0.0.0", "P-5322V-7.0.0.0.0", "P-5322V-5.1.0.0.0" ] } ] }, { "cve": "CVE-2025-21574", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "22958632" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "37709664" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.0-7.6.33, 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.4.0-8.4.4", "P-8478(Server: Parser)V-9.0.0-9.2.0", "P-8479V-8.0.0-8.0.41", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(Server: Parser)V-8.0.0-8.0.41", "P-8478(Server: Parser)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.4.0-8.4.4", "P-8478(Server: Parser)V-9.0.0-9.2.0", "P-8479V-8.0.0-8.0.41", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(Server: Parser)V-8.0.0-8.0.41", "P-8478(Server: Parser)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8479V-8.4.0-8.4.4", "P-8478(Server: Parser)V-9.0.0-9.2.0", "P-8479V-8.0.0-8.0.41", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(Server: Parser)V-8.0.0-8.0.41", "P-8478(Server: Parser)V-8.4.0-8.4.4" ] } ] }, { "cve": "CVE-2025-21575", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "27618273" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "37709687" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.0-7.6.33, 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.4.0-8.4.4", "P-8478(Server: Parser)V-9.0.0-9.2.0", "P-8479V-8.0.0-8.0.41", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(Server: Parser)V-8.0.0-8.0.41", "P-8478(Server: Parser)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.4.0-8.4.4", "P-8478(Server: Parser)V-9.0.0-9.2.0", "P-8479V-8.0.0-8.0.41", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(Server: Parser)V-8.0.0-8.0.41", "P-8478(Server: Parser)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8479V-8.4.0-8.4.4", "P-8478(Server: Parser)V-9.0.0-9.2.0", "P-8479V-8.0.0-8.0.41", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(Server: Parser)V-8.0.0-8.0.41", "P-8478(Server: Parser)V-8.4.0-8.4.4" ] } ] }, { "acknowledgments": [ { "names": [ "Athul Jayaram" ] } ], "cve": "CVE-2025-21576", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "30558459" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078810.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ] } ] }, { "cve": "CVE-2025-21577", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "32288105" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-8.4.0-8.4.4" ] } ] }, { "cve": "CVE-2025-21578", "ids": [ { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "34810754" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Secure Backup (component: General). Supported versions that are affected are 12.1.0.1, 12.1.0.2, 12.1.0.3, 18.1.0.0, 18.1.0.1 and 18.1.0.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Secure Backup executes to compromise Oracle Secure Backup. Successful attacks of this vulnerability can result in takeover of Oracle Secure Backup. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1522V-12.1.0.3", "P-1522V-12.1.0.2", "P-1522V-18.1.0.2", "P-1522V-12.1.0.1", "P-1522V-18.1.0.1", "P-1522V-18.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-12.1.0.3", "P-1522V-12.1.0.2", "P-1522V-18.1.0.2", "P-1522V-12.1.0.1", "P-1522V-18.1.0.1", "P-1522V-18.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1522V-12.1.0.3", "P-1522V-12.1.0.2", "P-1522V-18.1.0.2", "P-1522V-12.1.0.1", "P-1522V-18.1.0.1", "P-1522V-18.1.0.0" ] } ] }, { "cve": "CVE-2025-21579", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35308309" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Options)V-8.0.0-8.0.41", "P-8478(Server: Options)V-8.4.0-8.4.4", "P-8478(Server: Options)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Options)V-8.4.0-8.4.4", "P-8478(Server: Options)V-8.0.0-8.0.41", "P-8478(Server: Options)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Options)V-8.4.0-8.4.4", "P-8478(Server: Options)V-8.0.0-8.0.41", "P-8478(Server: Options)V-9.0.0-9.2.0" ] } ] }, { "cve": "CVE-2025-21580", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35507777" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: DML)V-8.0.0-8.0.41", "P-8478(Server: DML)V-9.0.0-9.2.0", "P-8478(Server: DML)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: DML)V-8.0.0-8.0.41", "P-8478(Server: DML)V-8.4.0-8.4.4", "P-8478(Server: DML)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: DML)V-8.0.0-8.0.41", "P-8478(Server: DML)V-8.4.0-8.4.4", "P-8478(Server: DML)V-9.0.0-9.2.0" ] } ] }, { "cve": "CVE-2025-21581", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35633084" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] } ] }, { "cve": "CVE-2025-21582", "ids": [ { "system_name": "Oracle Bug ID of Oracle CRM Technical Foundation", "text": "37526928" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data as well as unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1199V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1199V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1199V-12.2.3-12.2.14" ] } ] }, { "cve": "CVE-2025-21583", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35712413" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: DDL)V-8.4.0", "P-8478(Server: DDL)V-9.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: DDL)V-8.4.0", "P-8478(Server: DDL)V-9.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: DDL)V-8.4.0", "P-8478(Server: DDL)V-9.0.0" ] } ] }, { "cve": "CVE-2025-21584", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35721121" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: DDL)V-8.4.0-8.4.4", "P-8478(Server: DDL)V-9.0.0-9.2.0", "P-8478(Server: DDL)V-8.0.0-8.0.41" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: DDL)V-9.0.0-9.2.0", "P-8478(Server: DDL)V-8.0.0-8.0.41", "P-8478(Server: DDL)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: DDL)V-9.0.0-9.2.0", "P-8478(Server: DDL)V-8.0.0-8.0.41", "P-8478(Server: DDL)V-8.4.0-8.4.4" ] } ] }, { "acknowledgments": [ { "names": [ "yx" ] } ], "cve": "CVE-2025-21585", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35889583" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] } ] }, { "acknowledgments": [ { "names": [ "Giulio Schiavone" ] } ], "cve": "CVE-2025-21586", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "37255225" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-9.2.0.0-9.2.9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078792.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-4781V-9.2.0.0-9.2.9.2" ] } ] }, { "acknowledgments": [ { "names": [ "Alicja Kario" ] } ], "cve": "CVE-2025-21587", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "36330134" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-17.0.14", "P-13497V-24", "P-856V-21.0.6", "P-856V-24", "P-13497V-21.0.6", "P-856V-11.0.26", "P-13497V-17.0.14", "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441-perf", "P-856V-8u441" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-17.0.14", "P-13497V-24", "P-856V-21.0.6", "P-856V-24", "P-13497V-21.0.6", "P-856V-11.0.26", "P-13497V-17.0.14", "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441-perf", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-856V-17.0.14", "P-13497V-24", "P-856V-21.0.6", "P-856V-24", "P-13497V-21.0.6", "P-856V-11.0.26", "P-13497V-17.0.14", "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441-perf", "P-856V-8u441" ] } ] }, { "cve": "CVE-2025-21588", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36404149" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: DML)V-9.0.0-9.2.0", "P-8478(Server: DML)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: DML)V-8.4.0-8.4.4", "P-8478(Server: DML)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: DML)V-8.4.0-8.4.4", "P-8478(Server: DML)V-9.0.0-9.2.0" ] } ] }, { "cve": "CVE-2025-22228", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14974V-24.2.4" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core DBTier", "text": "37767512" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (Spring Security)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14974V-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14974V-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079219.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14974V-24.2.4" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14974V-24.2.4" ] } ] }, { "cve": "CVE-2025-23022", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "37735485" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (FreeType)). The supported version that is affected is 8.5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2276V-8.5.7" ] } ] }, { "cve": "CVE-2025-23083", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "37516200" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37623825" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.14 and 21.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM for JDK executes to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Node.js)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 5.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-17.0.14", "P-13497V-21.0.6", "P-14597V-6.0-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.0.6", "P-13497V-17.0.14" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-13497V-21.0.6", "P-13497V-17.0.14" ] }, { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "P-14597V-6.0-6.1" ] } ] }, { "cve": "CVE-2025-23084", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "37516200" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37623825" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.14 and 21.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM for JDK executes to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Node.js)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 5.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-17.0.14", "P-13497V-21.0.6", "P-14597V-6.0-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.0.6", "P-13497V-17.0.14" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-13497V-21.0.6", "P-13497V-17.0.14" ] }, { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "P-14597V-6.0-6.1" ] } ] }, { "cve": "CVE-2025-23085", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "37516200" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37623825" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.14 and 21.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM for JDK executes to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Node.js)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 5.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-17.0.14", "P-13497V-21.0.6", "P-14597V-6.0-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.0.6", "P-13497V-17.0.14" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-13497V-21.0.6", "P-13497V-17.0.14" ] }, { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "P-14597V-6.0-6.1" ] } ] }, { "cve": "CVE-2025-23184", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "37614116" }, { "system_name": "Oracle Bug ID of Primavera P6 Enterprise Project Portfolio Management", "text": "37614127" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "37614108" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Forms Recognition", "text": "37614125" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Forms Recognition product of Oracle Fusion Middleware (component: Learnset Manager (Apache CXF)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Forms Recognition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Forms Recognition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Apache CXF)). The supported version that is affected is 25.1.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: User Interface (Apache CXF)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Integrators (Apache CXF)). Supported versions that are affected are 22.12.0-22.12.18, 23.12.0-23.12.13 and 24.12.0-24.12.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5579V-22.12.0-22.12.18", "P-12605V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-5579V-23.12.0-23.12.13", "P-5746V-14.1.1.0.0", "P-5579V-24.12.0-24.12.2", "P-14119V-25.1.100", "P-12605V-22.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5746V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=3079232.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12605V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-12605V-22.2.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5579V-22.12.0-22.12.18", "P-5579V-23.12.0-23.12.13", "P-5579V-24.12.0-24.12.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078091.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5746V-14.1.1.0.0", "P-14119V-25.1.100" ] }, { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-12605V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-12605V-22.2.0.0.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5579V-22.12.0-22.12.18", "P-5579V-23.12.0-23.12.13", "P-5579V-24.12.0-24.12.2" ] } ] }, { "cve": "CVE-2025-24143", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2025-24150", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2025-24158", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2025-24162", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37536220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-21.3.13", "P-856V-8u441", "P-13497V-20.3.17" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441" ] } ] }, { "cve": "CVE-2025-24813", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Oracle Database Grid)V-19.3-19.26", "P-5(Oracle Database Grid)V-21.3-21.17" ] }, { "date": "2025-04-15T13:00:00-07:00", "label": "inline_mitigations_already_exist", "product_ids": [ "P-14974V-24.2.4" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37694630" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "37724998" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37725004" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core DBTier", "text": "37810951" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "37725013" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "37724992" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "37725003" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "37725001" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Grid (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Apache Tomcat)). Supported versions that are affected are 11.3.2 and 11.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Guided Search. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (Apache Tomcat)). The supported version that is affected is 9.1.1.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Tomcat)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Web UI (Apache Tomcat)). Supported versions that are affected are 9.0.0-9.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Web UI (Apache Tomcat)). Supported versions that are affected are 9.0.0-9.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (Apache Tomcat)). The supported version that is affected is 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.4.0", "P-9633V-11.3.2", "P-10770V-9.0.0-9.0.3", "P-13940V-9.1.1.9", "P-10900V-15.0.0.0.0", "P-14597V-6.0-6.1", "P-11052V-9.0.0-9.0.3" ], "known_not_affected": [ "P-5(Oracle Database Grid)V-19.3-19.26", "P-5(Oracle Database Grid)V-21.3-21.17", "P-14974V-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Grid)V-19.3-19.26", "P-5(Oracle Database Grid)V-21.3-21.17" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14974V-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079219.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.4.0", "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078810.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3079193.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079216.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079195.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079225.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Grid)V-19.3-19.26", "P-5(Oracle Database Grid)V-21.3-21.17" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14974V-24.2.4" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9633V-11.4.0", "P-9633V-11.3.2", "P-10770V-9.0.0-9.0.3", "P-13940V-9.1.1.9", "P-10900V-15.0.0.0.0", "P-14597V-6.0-6.1", "P-11052V-9.0.0-9.0.3" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Oracle Database Grid)V-19.3-19.26", "P-5(Oracle Database Grid)V-21.3-21.17" ] }, { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability.", "product_ids": [ "P-14974V-24.2.4" ] } ] }, { "cve": "CVE-2025-24928", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core DBTier", "text": "37806195" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (libxml2)). The supported version that is affected is 24.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core DBTier executes to compromise Oracle Communications Cloud Native Core DBTier. While the vulnerability is in Oracle Communications Cloud Native Core DBTier, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core DBTier accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core DBTier accessible data. CVSS 3.1 Base Score 7.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14974V-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14974V-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079219.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14974V-24.2.4" ] } ] }, { "cve": "CVE-2025-24970", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "inline_mitigations_already_exist", "product_ids": [ "P-14974V-24.2.4" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core DBTier", "text": "37603381" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "37588891" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Certificate Management", "text": "37733692" }, { "system_name": "Oracle Bug ID of Oracle Communications Pricing Design Center", "text": "37588840" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "37588782" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37588844" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "37588789" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "37588842" }, { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "37588831" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37588826" }, { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "37588815" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Charging and Control", "text": "37588835" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37588824" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "37588829" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "37588818" }, { "system_name": "Oracle Bug ID of Oracle Coherence", "text": "37588807" }, { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "37588838" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "37588827" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37588817" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: REST Services Manager (Netty)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0, 15.0.0.0.0 and 15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Solution Designer (Netty)). Supported versions that are affected are 8.0.0.4.0 and 8.1.0.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Netty)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Netty)). Supported versions that are affected are 22.1.1.1.0-22.1.1.30.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (Netty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Netty)). The supported version that is affected is 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: REST (Netty)). Supported versions that are affected are 12.0.6.0.0, 15.0.0.0.0 and 15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (Netty)). The supported version that is affected is 8.1.0.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install (Netty)). Supported versions that are affected are 24.2.3 and 25.1.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Netty)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Netty)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (Netty)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Netty)). The supported version that is affected is 24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Netty)). Supported versions that are affected are 24.2.0-24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Security (Netty)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0 and 15.0.0.0.0-15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Configuration (Netty)). The supported version that is affected is 24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Certificate Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Certificate Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: User Interface (Netty)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM Authentication (Netty)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party (Netty)). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2270V-7.5.0", "P-13676V-22.1.0.0.0", "P-2545V-14.1.1.0.0", "P-14868V-24.2.2", "P-14123V-24.2.3", "P-14277V-24.2.0-24.2.4", "P-13676V-21.1.0.0.0", "P-14119V-24.2.3", "P-14121V-24.2.0-24.2.2", "P-13676V-22.2.0.0.0", "P-8496V-8.1.0.26.0", "P-9437V-15.0.0.0.0", "P-2545V-14.1.2.0.0", "P-2283V-8.1.0.2.0", "P-14119V-25.1.100", "P-14118V-24.2.3", "P-2136(Security)V-12.0.0.4.0-12.0.0.8.0", "P-4623V-15.0.0.0.0", "P-14250V-24.2.2", "P-12605V-22.1.0.0.0", "P-2545V-12.2.1.4.0", "P-4623V-12.0.6.0.0", "P-2136(Security)V-15.0.0.0.0-15.0.1.0.0", "P-12605V-21.1.0.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0", "P-4623V-15.0.1.0.0", "P-9437V-15.0.1.0.0", "P-2283V-8.0.0.4.0", "P-14597V-6.0-6.1", "P-1870V-22.1.1.1.0-22.1.1.30.0", "P-12605V-22.2.0.0.0" ], "known_not_affected": [ "P-14974V-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9437V-15.0.0.0.0", "P-9437V-15.0.1.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077300.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-8.0.0.4.0", "P-2283V-8.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077306.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.30.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14974V-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079219.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-7.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077292.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4623V-12.0.6.0.0", "P-4623V-15.0.1.0.0", "P-4623V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078762.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.26.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077282.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-24.2.3", "P-14119V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=3079232.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079228.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079221.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136(Security)V-15.0.0.0.0-15.0.1.0.0", "P-2136(Security)V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077261.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14868V-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079190.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2545V-12.2.1.4.0", "P-2545V-14.1.1.0.0", "P-2545V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2270V-7.5.0", "P-13676V-22.1.0.0.0", "P-2545V-14.1.1.0.0", "P-14868V-24.2.2", "P-14123V-24.2.3", "P-14277V-24.2.0-24.2.4", "P-13676V-21.1.0.0.0", "P-14119V-24.2.3", "P-14121V-24.2.0-24.2.2", "P-13676V-22.2.0.0.0", "P-8496V-8.1.0.26.0", "P-9437V-15.0.0.0.0", "P-2545V-14.1.2.0.0", "P-2283V-8.1.0.2.0", "P-14119V-25.1.100", "P-14118V-24.2.3", "P-2136(Security)V-12.0.0.4.0-12.0.0.8.0", "P-4623V-15.0.0.0.0", "P-14250V-24.2.2", "P-12605V-22.1.0.0.0", "P-2545V-12.2.1.4.0", "P-4623V-12.0.6.0.0", "P-2136(Security)V-15.0.0.0.0-15.0.1.0.0", "P-12605V-21.1.0.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0", "P-4623V-15.0.1.0.0", "P-9437V-15.0.1.0.0", "P-2283V-8.0.0.4.0", "P-14597V-6.0-6.1", "P-1870V-22.1.1.1.0-22.1.1.30.0", "P-12605V-22.2.0.0.0" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14974V-24.2.4" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability.", "product_ids": [ "P-14974V-24.2.4" ] } ] }, { "cve": "CVE-2025-25193", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "inline_mitigations_already_exist", "product_ids": [ "P-14974V-24.2.4" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core DBTier", "text": "37603381" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "37588891" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Certificate Management", "text": "37733692" }, { "system_name": "Oracle Bug ID of Oracle Communications Pricing Design Center", "text": "37588840" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "37588782" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "37588789" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "37588844" }, { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "37588831" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "37588842" }, { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "37588815" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37588826" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37588824" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Charging and Control", "text": "37588835" }, { "system_name": "Oracle Bug ID of Oracle Coherence", "text": "37588807" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "37588818" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "37588829" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "37588827" }, { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "37588838" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37588817" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM Authentication (Netty)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: User Interface (Netty)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party (Netty)). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Security (Netty)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0 and 15.0.0.0.0-15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Netty)). Supported versions that are affected are 24.2.0-24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Netty)). The supported version that is affected is 24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (Netty)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Netty)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Netty)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install (Netty)). Supported versions that are affected are 24.2.3 and 25.1.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (Netty)). The supported version that is affected is 8.1.0.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: REST (Netty)). Supported versions that are affected are 12.0.6.0.0, 15.0.0.0.0 and 15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Netty)). The supported version that is affected is 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: REST Services Manager (Netty)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0, 15.0.0.0.0 and 15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Solution Designer (Netty)). Supported versions that are affected are 8.0.0.4.0 and 8.1.0.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Netty)). Supported versions that are affected are 6.0-6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Netty)). Supported versions that are affected are 22.1.1.1.0-22.1.1.30.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (Netty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Configuration (Netty)). The supported version that is affected is 24.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Certificate Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Certificate Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13676V-22.1.0.0.0", "P-2270V-7.5.0", "P-2545V-14.1.1.0.0", "P-14868V-24.2.2", "P-14123V-24.2.3", "P-13676V-21.1.0.0.0", "P-14277V-24.2.0-24.2.4", "P-14119V-24.2.3", "P-14121V-24.2.0-24.2.2", "P-13676V-22.2.0.0.0", "P-8496V-8.1.0.26.0", "P-9437V-15.0.0.0.0", "P-2545V-14.1.2.0.0", "P-14118V-24.2.3", "P-14119V-25.1.100", "P-2283V-8.1.0.2.0", "P-2136(Security)V-12.0.0.4.0-12.0.0.8.0", "P-4623V-15.0.0.0.0", "P-14250V-24.2.2", "P-12605V-22.1.0.0.0", "P-2545V-12.2.1.4.0", "P-4623V-12.0.6.0.0", "P-2136(Security)V-15.0.0.0.0-15.0.1.0.0", "P-12605V-21.1.0.0.0", "P-4623V-15.0.1.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0", "P-9437V-15.0.1.0.0", "P-2283V-8.0.0.4.0", "P-14597V-6.0-6.1", "P-1870V-22.1.1.1.0-22.1.1.30.0", "P-12605V-22.2.0.0.0" ], "known_not_affected": [ "P-14974V-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2545V-12.2.1.4.0", "P-2545V-14.1.1.0.0", "P-2545V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136(Security)V-15.0.0.0.0-15.0.1.0.0", "P-2136(Security)V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077261.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079221.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079228.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-24.2.3", "P-14119V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=3079232.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.26.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077282.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4623V-12.0.6.0.0", "P-4623V-15.0.1.0.0", "P-4623V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078762.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-7.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077292.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9437V-15.0.0.0.0", "P-9437V-15.0.1.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077300.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-8.0.0.4.0", "P-2283V-8.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077306.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=3077267.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.30.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14974V-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079219.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14868V-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079190.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13676V-22.1.0.0.0", "P-2270V-7.5.0", "P-2545V-14.1.1.0.0", "P-14868V-24.2.2", "P-14123V-24.2.3", "P-13676V-21.1.0.0.0", "P-14277V-24.2.0-24.2.4", "P-14119V-24.2.3", "P-14121V-24.2.0-24.2.2", "P-13676V-22.2.0.0.0", "P-8496V-8.1.0.26.0", "P-9437V-15.0.0.0.0", "P-2545V-14.1.2.0.0", "P-14118V-24.2.3", "P-14119V-25.1.100", "P-2283V-8.1.0.2.0", "P-2136(Security)V-12.0.0.4.0-12.0.0.8.0", "P-4623V-15.0.0.0.0", "P-14250V-24.2.2", "P-12605V-22.1.0.0.0", "P-2545V-12.2.1.4.0", "P-4623V-12.0.6.0.0", "P-2136(Security)V-15.0.0.0.0-15.0.1.0.0", "P-12605V-21.1.0.0.0", "P-4623V-15.0.1.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0", "P-9437V-15.0.1.0.0", "P-2283V-8.0.0.4.0", "P-14597V-6.0-6.1", "P-1870V-22.1.1.1.0-22.1.1.30.0", "P-12605V-22.2.0.0.0" ] }, { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14974V-24.2.4" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability.", "product_ids": [ "P-14974V-24.2.4" ] } ] }, { "cve": "CVE-2025-26465", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-13940V-9.1.1.9" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "37641500" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (OpenSSH)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-13940V-9.1.1.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3079193.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13940V-9.1.1.9" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-13940V-9.1.1.9" ] } ] }, { "cve": "CVE-2025-26466", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-13940V-9.1.1.9" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "37641500" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (OpenSSH)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-13940V-9.1.1.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.9" ], "url": "https://support.oracle.com/rs?type=doc&id=3079193.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13940V-9.1.1.9" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-13940V-9.1.1.9" ] } ] }, { "cve": "CVE-2025-26791", "flags": [ { "date": "2025-04-15T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-1348V-24.1.9", "P-1348V-23.2.15", "P-1348V-24.2.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Express", "text": "37607202" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Application Express (component: General (DOMPurify)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1348V-23.2.15", "P-1348V-24.2.3", "P-1348V-24.1.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1348V-24.1.9", "P-1348V-23.2.15", "P-1348V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1348V-24.1.9", "P-1348V-23.2.15", "P-1348V-24.2.3" ] } ], "threats": [ { "category": "impact", "date": "2025-04-15T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-1348V-24.1.9", "P-1348V-23.2.15", "P-1348V-24.2.3" ] } ] }, { "cve": "CVE-2025-27113", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core DBTier", "text": "37806195" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (libxml2)). The supported version that is affected is 24.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core DBTier executes to compromise Oracle Communications Cloud Native Core DBTier. While the vulnerability is in Oracle Communications Cloud Native Core DBTier, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core DBTier accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core DBTier accessible data. CVSS 3.1 Base Score 7.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14974V-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14974V-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079219.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14974V-24.2.4" ] } ] }, { "cve": "CVE-2025-27363", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "37735485" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (FreeType)). The supported version that is affected is 8.5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3078819.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2276V-8.5.7" ] } ] }, { "cve": "CVE-2025-27516", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "37748748" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "37454722" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37748742" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Jinja)). The supported version that is affected is 24.2.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Jinja)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Alarms, KPI, and Measurements (Jinja)). Supported versions that are affected are 24.2.0-24.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-24.2.0-24.2.2", "P-14125V-24.2.5", "P-14277V-24.2.0-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-24.2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=3079223.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-24.2.0-24.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3079188.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-24.2.0-24.2.2", "P-14125V-24.2.5", "P-14277V-24.2.0-24.2.4" ] } ] }, { "cve": "CVE-2025-27789", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "37748688" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Babel)). Supported versions that are affected are 24.2.0-24.2.4. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-24.2.0-24.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-24.2.0-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3079229.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14277V-24.2.0-24.2.4" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2025-30681", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36421684" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "37709187" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.0-7.6.33, 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41", "P-8478(Server: Replication)V-9.0.0-9.2.0", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(Server: Replication)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41", "P-8478(Server: Replication)V-9.0.0-9.2.0", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(Server: Replication)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41", "P-8478(Server: Replication)V-9.0.0-9.2.0", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(Server: Replication)V-8.4.0-8.4.4" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2025-30682", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36421690" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2025-30683", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36468589" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8478(Server: Replication)V-8.4.0-8.4.4", "P-8478(Server: Replication)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8478(Server: Replication)V-9.0.0-9.2.0", "P-8478(Server: Replication)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8478(Server: Replication)V-9.0.0-9.2.0", "P-8478(Server: Replication)V-8.4.0-8.4.4" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2025-30684", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36479083" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8478(Server: Replication)V-8.4.0-8.4.4", "P-8478(Server: Replication)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8478(Server: Replication)V-9.0.0-9.2.0", "P-8478(Server: Replication)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8478(Server: Replication)V-9.0.0-9.2.0", "P-8478(Server: Replication)V-8.4.0-8.4.4" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2025-30685", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36479088" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8478(Server: Replication)V-8.4.0-8.4.4", "P-8478(Server: Replication)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8478(Server: Replication)V-9.0.0-9.2.0", "P-8478(Server: Replication)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Replication)V-8.0.0-8.0.41", "P-8478(Server: Replication)V-9.0.0-9.2.0", "P-8478(Server: Replication)V-8.4.0-8.4.4" ] } ] }, { "cve": "CVE-2025-30686", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hospitality Simphony", "text": "36591166" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11594V-19.1-19.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11594V-19.1-19.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3075400.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "P-11594V-19.1-19.7" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" }, { "names": [ "Zongrui Peng" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2025-30687", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36593244" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" }, { "names": [ "Zongrui Peng" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2025-30688", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36593253" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] } ] }, { "cve": "CVE-2025-30689", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "36610878" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.41", "P-8478(Server: Optimizer)V-8.4.0-8.4.4", "P-8478(Server: Optimizer)V-9.0.0-9.2.0" ] } ] }, { "cve": "CVE-2025-30690", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris", "text": "36705896" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10006V-11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10006V-11" ], "url": "https://support.oracle.com/rs?type=doc&id=3078936.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10006V-11" ] } ] }, { "cve": "CVE-2025-30691", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "36855128" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-24", "P-856V-21.0.6", "P-856V-24", "P-13497V-21.0.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-24", "P-856V-21.0.6", "P-856V-24", "P-13497V-21.0.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-13497V-24", "P-856V-21.0.6", "P-856V-24", "P-13497V-21.0.6" ] } ] }, { "acknowledgments": [ { "names": [ "Brandon Cox" ], "organization": "3D Systems" } ], "cve": "CVE-2025-30692", "ids": [ { "system_name": "Oracle Bug ID of Oracle iSupplier Portal", "text": "36979761" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.2.7-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupplier Portal accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-208V-12.2.7-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-208V-12.2.7-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-208V-12.2.7-12.2.14" ] } ] }, { "cve": "CVE-2025-30693", "ids": [ { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "37709706" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "36993445" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.0-7.6.33, 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster as well as unauthorized update, insert or delete access to some of MySQL Cluster accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41", "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41", "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41", "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-8.4.0-8.4.4" ] } ] }, { "acknowledgments": [ { "names": [ "Alberto Arganese" ], "organization": "TIM S.p.A." }, { "names": [ "Cristian Castrechini" ], "organization": "TIM S.p.A." }, { "names": [ "Federico Draghelli" ], "organization": "TIM S.p.A." }, { "names": [ "Massimiliano Brolli" ], "organization": "TIM S.p.A." } ], "cve": "CVE-2025-30694", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37054892" } ], "notes": [ { "category": "description", "text": "Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in XML Database, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of XML Database accessible data as well as unauthorized read access to a subset of XML Database accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(XML Database)V-19.3-19.26", "P-5(XML Database)V-21.3-21.17", "P-5(XML Database)V-23.4-23.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(XML Database)V-19.3-19.26", "P-5(XML Database)V-21.3-21.17", "P-5(XML Database)V-23.4-23.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5(XML Database)V-19.3-19.26", "P-5(XML Database)V-21.3-21.17", "P-5(XML Database)V-23.4-23.7" ] } ] }, { "cve": "CVE-2025-30695", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "37061960" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-8.4.0-8.4.4" ] } ] }, { "cve": "CVE-2025-30696", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "37077424" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: PS)V-8.0.0-8.0.41", "P-8478(Server: PS)V-9.0.0-9.2.0", "P-8478(Server: PS)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: PS)V-8.0.0-8.0.41", "P-8478(Server: PS)V-9.0.0-9.2.0", "P-8478(Server: PS)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: PS)V-8.0.0-8.0.41", "P-8478(Server: PS)V-9.0.0-9.2.0", "P-8478(Server: PS)V-8.4.0-8.4.4" ] } ] }, { "cve": "CVE-2025-30697", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "37121970" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.62" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=3078811.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5085V-8.61", "P-5085V-8.60", "P-5085V-8.62" ] } ] }, { "cve": "CVE-2025-30698", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "37169419" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-17.0.14", "P-13497V-24", "P-856V-21.0.6", "P-856V-24", "P-13497V-21.0.6", "P-856V-11.0.26", "P-13497V-17.0.14", "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441-perf", "P-856V-8u441" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-17.0.14", "P-13497V-24", "P-856V-21.0.6", "P-856V-24", "P-13497V-21.0.6", "P-856V-11.0.26", "P-13497V-17.0.14", "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441-perf", "P-856V-8u441" ], "url": "https://support.oracle.com/rs?type=doc&id=3077360.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-856V-17.0.14", "P-13497V-24", "P-856V-21.0.6", "P-856V-24", "P-13497V-21.0.6", "P-856V-11.0.26", "P-13497V-17.0.14", "P-13497V-21.3.13", "P-13497V-20.3.17", "P-856V-8u441-perf", "P-856V-8u441" ] } ] }, { "cve": "CVE-2025-30699", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "37193011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Stored Procedure)V-9.0.0-9.2.0", "P-8478(Server: Stored Procedure)V-8.0.0-8.0.41", "P-8478(Server: Stored Procedure)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Stored Procedure)V-9.0.0-9.2.0", "P-8478(Server: Stored Procedure)V-8.0.0-8.0.41", "P-8478(Server: Stored Procedure)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Stored Procedure)V-9.0.0-9.2.0", "P-8478(Server: Stored Procedure)V-8.0.0-8.0.41", "P-8478(Server: Stored Procedure)V-8.4.0-8.4.4" ] } ] }, { "cve": "CVE-2025-30700", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris", "text": "37211554" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10006V-11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10006V-11" ], "url": "https://support.oracle.com/rs?type=doc&id=3078936.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10006V-11" ] } ] }, { "acknowledgments": [ { "names": [ "Michael Kutz" ] } ], "cve": "CVE-2025-30701", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37214200" } ], "notes": [ { "category": "description", "text": "Vulnerability in the RAS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via Oracle Net to compromise RAS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all RAS Security accessible data as well as unauthorized access to critical data or complete access to all RAS Security accessible data. CVSS 3.1 Base Score 7.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(RAS Security)V-21.3-21.17", "P-5(RAS Security)V-19.3-19.26", "P-5(RAS Security)V-23.4-23.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RAS Security)V-19.3-19.26", "P-5(RAS Security)V-21.3-21.17", "P-5(RAS Security)V-23.4-23.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-5(RAS Security)V-19.3-19.26", "P-5(RAS Security)V-21.3-21.17", "P-5(RAS Security)V-23.4-23.7" ] } ] }, { "cve": "CVE-2025-30702", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37214299" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Fleet Patching and Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching and Provisioning. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Fleet Patching and Provisioning accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Fleet Patching and Provisioning)V-19.3-19.26" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Fleet Patching and Provisioning)V-19.3-19.26" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Fleet Patching and Provisioning)V-19.3-19.26" ] } ] }, { "cve": "CVE-2025-30703", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "37286473" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-8478(InnoDB)V-9.0.0-9.2.0", "P-8478(InnoDB)V-8.0.0-8.0.41", "P-8478(InnoDB)V-8.4.0-8.4.4" ] } ] }, { "cve": "CVE-2025-30704", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "37286895" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Components Services)V-8.4.0-8.4.4", "P-8478(Server: Components Services)V-9.0.0-9.2.0", "P-8478(Server: Components Services)V-8.0.0-8.0.41" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Components Services)V-8.4.0-8.4.4", "P-8478(Server: Components Services)V-8.0.0-8.0.41", "P-8478(Server: Components Services)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Components Services)V-8.4.0-8.4.4", "P-8478(Server: Components Services)V-8.0.0-8.0.41", "P-8478(Server: Components Services)V-9.0.0-9.2.0" ] } ] }, { "cve": "CVE-2025-30705", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "37292797" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: PS)V-8.0.0-8.0.41", "P-8478(Server: PS)V-9.0.0-9.2.0", "P-8478(Server: PS)V-8.4.0-8.4.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: PS)V-8.0.0-8.0.41", "P-8478(Server: PS)V-9.0.0-9.2.0", "P-8478(Server: PS)V-8.4.0-8.4.4" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: PS)V-8.0.0-8.0.41", "P-8478(Server: PS)V-9.0.0-9.2.0", "P-8478(Server: PS)V-8.4.0-8.4.4" ] } ] }, { "acknowledgments": [ { "names": [ "JiAn Zhou" ], "organization": "Alibaba" }, { "names": [ "Ying Zhu" ], "organization": "Alibaba" }, { "names": [ "Ziyang Li" ], "organization": "Alibaba" } ], "cve": "CVE-2025-30706", "ids": [ { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "37311996" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8576(Connector/J)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8576(Connector/J)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8576(Connector/J)V-9.0.0-9.2.0" ] } ] }, { "acknowledgments": [ { "names": [ "Aamir Rehman Yousafzai" ] } ], "cve": "CVE-2025-30707", "ids": [ { "system_name": "Oracle Bug ID of Oracle iStore", "text": "37327686" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-384V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-384V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-384V-12.2.3-12.2.14" ] } ] }, { "acknowledgments": [ { "names": [ "Aamir Rehman Yousafzai" ] } ], "cve": "CVE-2025-30708", "ids": [ { "system_name": "Oracle Bug ID of Oracle User Management", "text": "37327694" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). Supported versions that are affected are 12.2.4-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1475V-12.2.4-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1475V-12.2.4-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-1475V-12.2.4-12.2.14" ] } ] }, { "acknowledgments": [ { "names": [ "Brandon Stamm" ] } ], "cve": "CVE-2025-30709", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "37327934" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-9.2.0.0-9.2.9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078792.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-4781V-9.2.0.0-9.2.9.2" ] } ] }, { "cve": "CVE-2025-30710", "ids": [ { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "37372650" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-9.0.0-9.2.0", "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41", "P-8479V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41", "P-8479V-9.0.0-9.2.0" ] } ] }, { "acknowledgments": [ { "names": [ "Th�o GOBINET" ], "organization": "ENGIE IT Offensive Cybersecurity Team" } ], "cve": "CVE-2025-30711", "ids": [ { "system_name": "Oracle Bug ID of Oracle Applications Framework", "text": "37405767" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1472V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1472V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1472V-12.2.3-12.2.14" ] } ] }, { "acknowledgments": [ { "names": [ "CVR" ], "organization": "Google" }, { "names": [ "Juan Jos� L�pez Jaimez" ], "organization": "Google" } ], "cve": "CVE-2025-30712", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "37777630" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.1.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.1.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3078858.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "products": [ "P-8370V-7.1.6" ] } ] }, { "acknowledgments": [ { "names": [ "Dominique RIGHETTO" ], "organization": "Excellium Cyber Solution By Thales" } ], "cve": "CVE-2025-30713", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise HCM Talent Acquisition Manager", "text": "37415045" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager product of Oracle PeopleSoft (component: Job Opening). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Talent Acquisition Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Talent Acquisition Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Talent Acquisition Manager accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Talent Acquisition Manager accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5078V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5078V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078811.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5078V-9.2" ] } ] }, { "acknowledgments": [ { "names": [ "Jakub Barton" ] } ], "cve": "CVE-2025-30714", "ids": [ { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "37418436" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8576(Connector/Python)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8576(Connector/Python)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-8576(Connector/Python)V-9.0.0-9.2.0" ] } ] }, { "cve": "CVE-2025-30715", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "37437317" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Components Services)V-8.4.0-8.4.4", "P-8478(Server: Components Services)V-9.0.0-9.2.0", "P-8478(Server: Components Services)V-8.0.0-8.0.41" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Components Services)V-8.4.0-8.4.4", "P-8478(Server: Components Services)V-8.0.0-8.0.41", "P-8478(Server: Components Services)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Components Services)V-8.4.0-8.4.4", "P-8478(Server: Components Services)V-8.0.0-8.0.41", "P-8478(Server: Components Services)V-9.0.0-9.2.0" ] } ] }, { "acknowledgments": [ { "names": [ "Ahmed Abbas" ] } ], "cve": "CVE-2025-30716", "ids": [ { "system_name": "Oracle Bug ID of Oracle Common Applications", "text": "37440437" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1198V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1198V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-1198V-12.2.3-12.2.14" ] } ] }, { "acknowledgments": [ { "names": [ "Ahmed Abbas" ] } ], "cve": "CVE-2025-30717", "ids": [ { "system_name": "Oracle Bug ID of Oracle Teleservice", "text": "37440440" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Teleservice product of Oracle E-Business Suite (component: Service Diagnostics Scripts). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Teleservice. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Teleservice accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-543V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-543V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-543V-12.2.3-12.2.14" ] } ] }, { "acknowledgments": [ { "names": [ "Mochamad Akbar Anggamaulana" ] } ], "cve": "CVE-2025-30718", "ids": [ { "system_name": "Oracle Bug ID of Oracle Applications Framework", "text": "37440460" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1472V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1472V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1472V-12.2.3-12.2.14" ] } ] }, { "acknowledgments": [ { "names": [ "Zong Cao" ] } ], "cve": "CVE-2025-30719", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "37762617" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.1.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.1.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3078858.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "P-8370V-7.1.6" ] } ] }, { "cve": "CVE-2025-30720", "ids": [ { "system_name": "Oracle Bug ID of Oracle Configurator", "text": "37447345" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Configurator accessible data as well as unauthorized read access to a subset of Oracle Configurator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-31V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-31V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-31V-12.2.3-12.2.14" ] } ] }, { "cve": "CVE-2025-30721", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "37523857" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: UDF)V-8.4.0-8.4.4", "P-8478(Server: UDF)V-8.0.0-8.0.41", "P-8478(Server: UDF)V-9.0.0-9.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: UDF)V-8.4.0-8.4.4", "P-8478(Server: UDF)V-8.0.0-8.0.41", "P-8478(Server: UDF)V-9.0.0-9.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: UDF)V-8.4.0-8.4.4", "P-8478(Server: UDF)V-8.0.0-8.0.41", "P-8478(Server: UDF)V-9.0.0-9.2.0" ] } ] }, { "acknowledgments": [ { "names": [ "AWS Security" ], "organization": "Amazon" } ], "cve": "CVE-2025-30722", "ids": [ { "system_name": "Oracle Bug ID of MySQL Client", "text": "37540722" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "37709163" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.0-7.6.33, 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Cluster accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41", "P-8478(Client: mysqldump)V-8.4.0-8.4.4", "P-8479V-7.6.0-7.6.33", "P-8478(Client: mysqldump)V-9.0.0-9.2.0", "P-8479V-9.0.0-9.2.0", "P-8478(Client: mysqldump)V-8.0.0-8.0.41" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41", "P-8478(Client: mysqldump)V-8.4.0-8.4.4", "P-8479V-7.6.0-7.6.33", "P-8478(Client: mysqldump)V-9.0.0-9.2.0", "P-8479V-9.0.0-9.2.0", "P-8478(Client: mysqldump)V-8.0.0-8.0.41" ], "url": "https://support.oracle.com/rs?type=doc&id=3078827.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "P-8478(Client: mysqldump)V-8.4.0-8.4.4", "P-8478(Client: mysqldump)V-9.0.0-9.2.0", "P-8478(Client: mysqldump)V-8.0.0-8.0.41" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-8479V-8.4.0-8.4.4", "P-8479V-8.0.0-8.0.41", "P-8479V-7.6.0-7.6.33", "P-8479V-9.0.0-9.2.0" ] } ] }, { "acknowledgments": [ { "names": [ "Jean-Michel Huguet" ], "organization": "NATO Cyber Security Centre (NCSC)" } ], "cve": "CVE-2025-30723", "ids": [ { "system_name": "Oracle Bug ID of Oracle BI Publisher", "text": "37550058" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0", "P-1479V-7.6.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-7.6.0.0.0", "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-1479V-7.6.0.0.0", "P-1479V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Jean-Michel Huguet" ], "organization": "NATO Cyber Security Centre (NCSC)" } ], "cve": "CVE-2025-30724", "ids": [ { "system_name": "Oracle Bug ID of Oracle BI Publisher", "text": "37550067" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0", "P-1479V-7.6.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-7.6.0.0.0", "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3078843.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-1479V-7.6.0.0.0", "P-1479V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Zong Cao" ], "organization": "Cyber Security Lab" } ], "cve": "CVE-2025-30725", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "37598189" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.1.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.1.6" ], "url": "https://support.oracle.com/rs?type=doc&id=3078858.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H", "version": "3.1" }, "products": [ "P-8370V-7.1.6" ] } ] }, { "acknowledgments": [ { "names": [ "IuHrm" ] } ], "cve": "CVE-2025-30726", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Object Library", "text": "37614914" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-510V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-510V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-510V-12.2.3-12.2.14" ] } ] }, { "acknowledgments": [ { "names": [ "IuHrm" ] } ], "cve": "CVE-2025-30727", "ids": [ { "system_name": "Oracle Bug ID of Oracle Scripting", "text": "37614922" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in takeover of Oracle Scripting. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-433V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-433V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-433V-12.2.3-12.2.14" ] } ] }, { "acknowledgments": [ { "names": [ "IuHrm" ] } ], "cve": "CVE-2025-30728", "ids": [ { "system_name": "Oracle Bug ID of Oracle Configurator", "text": "37614928" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-31V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-31V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-31V-12.2.3-12.2.14" ] } ] }, { "cve": "CVE-2025-30729", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "37499037" }, { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "37530543" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 5.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 5.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2270(Security)V-7.4.0", "P-2270(Security)V-7.4.1", "P-2270(Security)V-7.5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270(Security)V-7.4.0", "P-2270(Security)V-7.4.1", "P-2270(Security)V-7.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3077292.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-2270(Security)V-7.4.0", "P-2270(Security)V-7.4.1", "P-2270(Security)V-7.5.0" ] } ] }, { "acknowledgments": [ { "names": [ "Alexandre Aubut" ], "organization": "Centre Gouvernementale de cyberd�fense du Qu�bec" }, { "names": [ "Fran�ois Longchamps" ], "organization": "Centre Gouvernementale de cyberd�fense du Qu�bec" } ], "cve": "CVE-2025-30730", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Object Library", "text": "37620005" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-510V-12.2.5-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-510V-12.2.5-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-510V-12.2.5-12.2.14" ] } ] }, { "acknowledgments": [ { "names": [ "Alexandre Aubut" ], "organization": "Centre Gouvernementale de cyberd�fense du Qu�bec" }, { "names": [ "Fran�ois Longchamps" ], "organization": "Centre Gouvernementale de cyberd�fense du Qu�bec" } ], "cve": "CVE-2025-30731", "ids": [ { "system_name": "Oracle Bug ID of Oracle Applications Technology Stack", "text": "37620008" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (component: Configuration). Supported versions that are affected are 12.2.3-12.2.14. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Applications Technology Stack executes to compromise Oracle Applications Technology Stack. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology Stack accessible data as well as unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1745V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1745V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1745V-12.2.3-12.2.14" ] } ] }, { "acknowledgments": [ { "names": [ "Alexandre Aubut" ], "organization": "Centre Gouvernementale de cyberd�fense du Qu�bec" }, { "names": [ "Fran�ois Longchamps" ], "organization": "Centre Gouvernementale de cyberd�fense du Qu�bec" } ], "cve": "CVE-2025-30732", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Object Library", "text": "37620009" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-510V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-510V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-510V-12.2.3-12.2.14" ] } ] }, { "acknowledgments": [ { "names": [ "Craig at driftnet.io" ] } ], "cve": "CVE-2025-30733", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37674901" } ], "notes": [ { "category": "description", "text": "Vulnerability in the RDBMS Listener component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise RDBMS Listener. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Listener accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(RDBMS Listener)V-21.3-21.17", "P-5(RDBMS Listener)V-19.3-19.26", "P-5(RDBMS Listener)V-23.4-23.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS Listener)V-21.3-21.17", "P-5(RDBMS Listener)V-19.3-19.26", "P-5(RDBMS Listener)V-23.4-23.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5(RDBMS Listener)V-21.3-21.17", "P-5(RDBMS Listener)V-19.3-19.26", "P-5(RDBMS Listener)V-23.4-23.7" ] } ] }, { "cve": "CVE-2025-30735", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise CC Common Application Objects", "text": "37629944" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Page and Field Configuration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8911V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8911V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078811.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-8911V-9.2" ] } ] }, { "cve": "CVE-2025-30736", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37542176" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Java VM)V-21.3-21.17", "P-5(Java VM)V-23.4-23.7", "P-5(Java VM)V-19.3-19.26" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Java VM)V-21.3-21.17", "P-5(Java VM)V-19.3-19.26", "P-5(Java VM)V-23.4-23.7" ], "url": "https://support.oracle.com/rs?type=doc&id=3070732.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-5(Java VM)V-21.3-21.17", "P-5(Java VM)V-19.3-19.26", "P-5(Java VM)V-23.4-23.7" ] } ] }, { "acknowledgments": [ { "names": [ "Abhijit Gaikwad" ] }, { "names": [ "Alaa Kachouh" ] } ], "cve": "CVE-2025-30737", "ids": [ { "system_name": "Oracle Bug ID of Oracle Smart View for Office", "text": "37373515" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). The supported version that is affected is 24.200. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Smart View for Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Smart View for Office accessible data as well as unauthorized access to critical data or complete access to all Oracle Smart View for Office accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4407V-24.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4407V-24.200" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-4407V-24.200" ] } ] }, { "acknowledgments": [ { "names": [ "Giulio Schiavone" ] } ], "cve": "CVE-2025-30740", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "37753334" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-9.2.0.0-9.2.9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=3078792.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-4781V-9.2.0.0-9.2.9.2" ] } ] }, { "cve": "CVE-2025-31720", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37788794" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "37788799" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (Jenkins)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Jenkins)). Supported versions that are affected are 22.4.0 and 23.1.0-23.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Unified Data Repository accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-24.2.3", "P-14119V-23.1.0-23.4.0", "P-14119V-22.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.1.0-23.4.0", "P-14119V-22.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079232.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-14119V-23.1.0-23.4.0", "P-14119V-22.4.0", "P-14118V-24.2.3" ] } ] }, { "cve": "CVE-2025-31721", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "37788794" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "37788799" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Configuration (Jenkins)). The supported version that is affected is 24.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Jenkins)). Supported versions that are affected are 22.4.0 and 23.1.0-23.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Unified Data Repository accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-24.2.3", "P-14119V-23.1.0-23.4.0", "P-14119V-22.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-24.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=3079214.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.1.0-23.4.0", "P-14119V-22.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=3079232.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-14119V-23.1.0-23.4.0", "P-14119V-22.4.0", "P-14118V-24.2.3" ] } ] } ] }