Oracle Critical Patch Update Advisory - January 2023 - Oracle CVRF Oracle Critical Patch Update Advisory CPUJan2023 Final 3 3 2023-02-27T13:00:00-07:00 Rev 3. Coherence version updated for CVE-2022-23305. Credit name update. 2023-01-17T13:00:00-07:00 2023-02-27T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had security patches released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including security patch distribution information can be found at the Oracle sites referenced in this document. This document is published at: https://www.oracle.com/docs/tech/security-alerts/cpujan2023cvrf.xml https://www.oracle.com/security-alerts/cpujan2023.html URL to html version of Advisory Aakash Vishwakarma Aakash Vishwakarma Adam Willard Adam Willard Amit Kumar Biswas AnhNH Sacombank Aobo Wang of Chaitin Security Research Lab Ayush Sahu Ayush Sahu BeichenDream benoit@stedi NILESH AGRAWAL KOYO Uddeshaya Srivastava ChauUHM Sacombank Chirag Ketan Prajapati Chirag Ketan Prajapati Dayaram Godara Glypth O Dhiraj Mishra Dhiraj Mishra Exist (exist91240480) working with Trend Micro Zero Day Initiative Hannu Forsten Hannu Forsten 0xrumble Huzifa Ahmed Huzifa Ahmed Imran Hossain Imran Hossain Jeff Dileo NCC Group Jie Liang WingTecher Lab of Tsinghua University Jingzhou Fu WingTecher Lab of Tsinghua University Johnathon Wilson NCC Group Juraj Somorovsky Paderborn University Kathan Patel Kathan Patel Krishna Kaiwartya Krishna Kaiwartya Kun Yang of Chaitin Security Research Lab Liboheng of Tophant Starlight laboratory thiscodecc of MoyunSec TopBreaker Labs and Bing Liu of MoyunSec Marcel Maehren Ruhr-University Bochum Markus Loewe Markus Loewe Michael Kutz Michael Kutz Nisha Thakur Nisha Thakur Nour Ehab Abd Eldayem Cysiv Nurullah Erinola Ruhr-University Bochum Okan Basegmez Peter Mularien, Nightcrawler Security, LLC working with Trend Micro Zero Day Initiative 4ra1n of X-Ray Security Team from Chaitin Tech Ranjeet Kumar Singh (geekboyranjeet) Faizan Ahmed Rijo Raju Rijo Raju Rishabh_2708 Ritik Jangra Ritik Jangra Robert Merget of Ruhr-University Bochum Siqi Chen of Shanghai Jiao Tong University Sohail Ahmed Sohail Ahmed TungHT Sacombank 0xrumbe, Lamber, M1s5p of ThreatBook Labs Wesley "Dk4trin" Santos Mehdi Benchalal from WPScan Lamber M1s5p Y4tacker Yash Kushwah Yash Kushwah Yu Wang BMH Security Team Yuriy Pobezhymov Yuriy Pobezhymov Zhiyong Wu WingTecher Lab of Tsinghua University Zu-Ming Jiang Zu-Ming Jiang r00t4dm working with Trend Micro Zero Day Initiative thiscodecc of MoyunSec TopBreaker Labs Gaurav Dalal (webcipher101) Oracle BI Publisher Version 12.2.1.4.0 Oracle BI Publisher Version 5.9.0.0.0 Oracle BI Publisher Version 6.4.0.0.0 Oracle Business Intelligence Enterprise Edition Version 5.9.0.0.0 Oracle Business Intelligence Enterprise Edition Version 6.4.0.0.0 Big Data Spatial and Graph Version Prior to 21.4.3 Big Data Spatial and Graph Version Prior to 23.1.0 Oracle Commerce Guided Search Version 11.3.2 Management Cloud Engine Version 22.1.0.0.0 Oracle Communications Cloud Native Core Automated Test Suite Version 22.2.2 Oracle Communications Cloud Native Core Automated Test Suite Version 22.3.1 Oracle Communications Cloud Native Core Automated Test Suite Version 22.4.0 Oracle Communications Cloud Native Core Binding Support Function Version 22.1.0 Oracle Communications Cloud Native Core Binding Support Function Version 22.1.1 Oracle Communications Cloud Native Core Binding Support Function Version 22.2.0 Oracle Communications Cloud Native Core Binding Support Function Version 22.2.1 Oracle Communications Cloud Native Core Binding Support Function Version 22.2.2 Oracle Communications Cloud Native Core Binding Support Function Version 22.2.4 Oracle Communications Cloud Native Core Binding Support Function Version 22.3.0 Oracle Communications Cloud Native Core Binding Support Function Version 22.3.0-22.4.0 Oracle Communications Cloud Native Core Binding Support Function Version 22.3.1 Oracle Communications Cloud Native Core Binding Support Function Version 22.3.2 Oracle Communications Cloud Native Core Binding Support Function Version 22.4.0 Oracle Communications Cloud Native Core Console Version 22.3.0 Oracle Communications Cloud Native Core Console Version 22.4.0 Oracle Communications Cloud Native Core Network Data Analytics Function Version 22.0.0.0.0 Oracle Communications Cloud Native Core Network Exposure Function Version 22.3.1 Oracle Communications Cloud Native Core Network Exposure Function Version 22.4.0 Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 22.3.0 Oracle Communications Cloud Native Core Network Repository Function Version 22.3.0 Oracle Communications Cloud Native Core Network Repository Function Version 22.3.2 Oracle Communications Cloud Native Core Network Slice Selection Function Version 22.3.1 Oracle Communications Cloud Native Core Network Slice Selection Function Version 22.4.1 Oracle Communications Cloud Native Core Policy Version 1.11.0 Oracle Communications Cloud Native Core Policy Version 22.3.0 Oracle Communications Cloud Native Core Policy Version 22.4.0 Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 22.3.1 Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 22.4.0 Oracle Communications Cloud Native Core Unified Data Repository Version 22.2.2 Oracle Communications Cloud Native Core Unified Data Repository Version 22.2.3 Oracle Communications Cloud Native Core Unified Data Repository Version 22.3.3 Oracle Communications Cloud Native Core Unified Data Repository Version 22.3.4 Oracle Communications Cloud Native Core Unified Data Repository Version 22.4.0 Oracle Communications Converged Application Server Version 7.1.0 Oracle Communications Converged Application Server Version 8.0.0 Oracle Communications Diameter Intelligence Hub Version 8.2.3.0 Oracle Communications Diameter Signaling Router Version 8.6.0.0 Oracle Communications Performance Intelligence Center (PIC) Software Version 10.4.0.4.1 Oracle SD-WAN Aware Version 8.2.1.9.0 Oracle SD-WAN Aware Version 9.0.1.4.0 Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.3.0-12.0.0.7.0 Oracle Communications Billing and Revenue Management(EAI Manager) Version 12.0.0.4.0-12.0.0.7.0 Oracle Communications Billing and Revenue Management(REST Services Manager) Version 12.0.0.4.0-12.0.0.7.0 Oracle Communications Billing and Revenue Management Version 12.0.0.4.0-12.0.0.7.0 Oracle Communications Calendar Server Version 8.0.0.6.0 Oracle Communications Contacts Server Version 8.0.0.7.0 Oracle Communications Convergence Version 3.0.3.1.0 Oracle Communications Design Studio Version 7.4.2 Oracle Communications Elastic Charging Engine Version 12.0.0.3.0-12.0.0.7.0 Oracle Communications Elastic Charging Engine Version 12.0.0.5.0-12.0.0.7.0 Oracle Communications Instant Messaging Server Version 10.0.1.6.0 Oracle Communications Messaging Server Version 8.1.0.20.0 Oracle Communications MetaSolv Solution Version 6.3.1 Oracle Communications Order and Service Management Version 7.4.0 Oracle Communications Pricing Design Center Version 12.0.0.5.0-12.0.0.7.0 Oracle Communications Unified Assurance Version 5.5.0-5.5.9 Oracle Communications Unified Assurance Version 6.0.0-6.0.1 Oracle Communications Unified Inventory Management Version 7.4.0 Oracle Communications Unified Inventory Management Version 7.4.0-7.4.2 Oracle Communications Unified Inventory Management Version 7.4.1 Oracle Communications Unified Inventory Management Version 7.4.2 Oracle Communications Unified Inventory Management Version 7.5.0 Primavera Gateway Version 18.8.0-18.8.15 Primavera Gateway Version 19.12.0-19.12.15 Primavera Gateway Version 20.12.0-20.12.10 Primavera Gateway Version 21.12.0-21.12.8 Primavera Unifier Version 18.8 Primavera Unifier Version 19.12 Primavera Unifier Version 20.12 Primavera Unifier Version 21.12 Primavera Unifier Version 22.12 Oracle Data Provider for .NET Version 19c Oracle Data Provider for .NET Version 21c Oracle Database Server(Java VM) Version 19c Oracle Database Server(Oracle Database Data Redaction) Version 19c Oracle Database Server(Oracle Database Fleet Patching) Version 19c Oracle Database Server(Oracle Database RDBMS Security) Version 19c Oracle Database Server(Oracle Database SQLcl) Version 19c Oracle Database Server(Oracle Database) Version 19c Oracle Database Server(GraalVM Multilingual Engine) Version 21c Oracle Database Server(Java VM) Version 21c Oracle Database Server(Oracle Database - Machine Learning for Python) Version 21c Oracle Database Server(Oracle Database Data Redaction) Version 21c Oracle Database Server(Oracle Database Fleet Patching) Version 21c Oracle Database Server(Oracle Database Portable Clusterware) Version 21c Oracle Database Server(Oracle Database RDBMS Security) Version 21c Oracle Database Server(Oracle Database SQLcl) Version 21c Oracle Database Server(Oracle Database) Version 21c Oracle SQLcl Version 19c Oracle SQLcl Version 21c Perl Version Perl: Prior to 5.35 Spatial and Graph Version 19c Spatial and Graph Version 21c Spatial and Graph Mapviewer Version 19c Spatial and Graph Mapviewer Version 21c Oracle Applications DBA Version 12.2.3-12.2.12 Oracle Collaborative Planning Version 12.2.3-12.2.12 Oracle HCM Common Architecture Version 12.2.3-12.2.12 Oracle Learning Management Version 12.2.3-12.2.12 Oracle Marketing Version 12.2.3-12.2.12 Oracle Mobile Field Service Version 12.2.3-12.2.12 Oracle Sales Offline Version 12.2.3-12.2.12 Oracle Sales for Handhelds Version 12.2.3-12.2.12 Oracle Self-Service Human Resources Version 12.2.3-12.2.12 Oracle Web Applications Desktop Integrator Version 12.2.3-12.2.12 Oracle iSetup Version 12.2.3-12.2.12 Oracle iSupplier Portal Version 12.2.6-12.2.8 Enterprise Manager Base Platform Version 13.4.0.0 Enterprise Manager Base Platform Version 13.5.0.0 Enterprise Manager Ops Center Version 12.4.0.0 Oracle Essbase Version 21.4 Oracle Banking Enterprise Default Management Version 2.12.0 Oracle Banking Enterprise Default Management Version 2.6.2 Oracle Banking Enterprise Default Management Version 2.7.0 Oracle Banking Enterprise Default Management Version 2.7.1 Oracle Banking Loans Servicing Version 2.12.0 Oracle Banking Loans Servicing Version 2.8.0 Oracle Banking Party Management Version 2.7.0 Oracle Banking Platform Version 2.12.0 Oracle Banking Platform Version 2.6.2 Oracle Banking Platform Version 2.7.1 Oracle Banking Platform Version 2.9.0 Oracle Financial Services Crime and Compliance Management Studio Version 8.0.8.3.1 Oracle Hospitality Gift and Loyalty Version 9.1.0 Oracle Hospitality Labor Management Version 9.1.0 Oracle Hospitality Reporting and Analytics Version 9.1.0 Oracle Hospitality Simphony Version 18.2.11 Oracle Hospitality Simphony Version 19.3.4 Middleware Common Libraries and Tools Version 12.2.1.4.0 Middleware Common Libraries and Tools Version 14.1.1.0.0 Oracle Access Manager Version 12.2.1.4.0 Oracle Coherence Version 14.1.1.0.0 Oracle Fusion Middleware MapViewer Version 12.2.1.4.0 Oracle Global Lifecycle Management NextGen OUI Framework Version Prior to 13.9.4.2.11 Oracle HTTP Server Version 12.2.1.4.0 Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0 Oracle Outside In Technology Version 8.5.6 Oracle Web Services Manager Version 12.2.1.4.0 Oracle WebCenter Content Version 12.2.1.4.0 Oracle WebCenter Sites Version 12.2.1.4.0 Oracle WebLogic Server Version 12.2.1.3.0 Oracle WebLogic Server Version 12.2.1.4.0 Oracle WebLogic Server Version 14.1.1.0.0 Oracle Global Lifecycle Management OPatchAuto Version DB: Prior to 12.2.0.1.32 Oracle Global Lifecycle Management OPatchAuto Version DB: Prior to 12.2.0.1.35 GoldenGate Stream Analytics Version Prior to 19.1.0.0.8 GoldenGate Stream Analytics Version Prior to 19.1.0.0.8 GoldenGate Veridata Version Prior to 12.2.1.4.220831 Management Pack for Oracle GoldenGate Version Prior to 12.2.1.2.221115 Oracle Stream Analytics Version Prior to 19.1.0.0.8 Oracle Graph Server and Client Version Prior to 21.4.3 Oracle Graph Server and Client Version Prior to 22.4.0 Oracle Graph Server and Client Version Prior to 23.1.0 Oracle Health Sciences Empirica Signal Version 9.1.0.52 Oracle Health Sciences Empirica Signal Version 9.2.0.52 Oracle Healthcare Data Repository Version 8.1.0.0-8.1.3.1 Oracle Healthcare Translational Research Version 4.1.0.0-4.1.1.1 Oracle Hospitality Cruise Shipboard Property Management System Version 20.2.2 Oracle Hyperion Infrastructure Technology Version 11.2.10 Oracle Documaker Version 12.4.0-12.7.0 JD Edwards EnterpriseOne Orchestrator Version Prior to 9.2.7.2 JD Edwards EnterpriseOne Tools Version Prior to 9.2.7.2 Oracle Java SE Version Oracle GraalVM Enterprise Edition:20.3.8 Oracle Java SE Version Oracle GraalVM Enterprise Edition:21.3.4 Oracle Java SE Version Oracle GraalVM Enterprise Edition:22.3.0 Oracle Java SE Version Oracle Java SE:11.0.17 Oracle Java SE Version Oracle Java SE:17.0.5 Oracle Java SE Version Oracle Java SE:19.0.1 Oracle Java SE Version Oracle Java SE:8u351 Oracle Java SE Version Oracle Java SE:8u351-perf MySQL Cluster Version 7.4.38 and prior MySQL Cluster Version 7.5.28 and prior MySQL Cluster Version 7.6.24 and prior MySQL Cluster Version 8.0.31 and prior MySQL Connectors(Connector/C++) Version 8.0.31 and prior MySQL Connectors(Connector/ODBC) Version 8.0.31 and prior MySQL Connectors Version 8.0.31 and prior MySQL Enterprise Monitor Version 8.0.32 and prior MySQL Server Version 5.7.40 and prior MySQL Server Version 8.0.28 and prior MySQL Server Version 8.0.29 and prior MySQL Server Version 8.0.30 and prior MySQL Server Version 8.0.31 and prior MySQL Shell Version 8.0.31 and prior MySQL Workbench Version 8.0.31 and prior PeopleSoft Enterprise CC Common Application Objects Version 9.2 PeopleSoft Enterprise CS Academic Advisement Version 9.2 PeopleSoft Enterprise PeopleTools Version 8.58 PeopleSoft Enterprise PeopleTools Version 8.59 PeopleSoft Enterprise PeopleTools(Panel Processor) Version 8.60 PeopleSoft Enterprise PeopleTools Version 8.60 Oracle Retail Service Backbone Version 14.1.3.2 Oracle Retail Service Backbone Version 15.0.3.1 Oracle Retail Service Backbone Version 16.0.3 Siebel Apps - Marketing Version 22.10 and prior Siebel CRM Version 22.10 and prior Oracle Spatial Studio Version Prior to 22.3.0 Oracle Agile PLM Version 9.3.6 Oracle AutoVue Version Prior to 21.0.2.0 Oracle AutoVue Version Prior to 21.0.2.6 Oracle AutoVue Version Prior to 21.0.2.6 Oracle Demantra Demand Management Version 12.1 Oracle Demantra Demand Management Version 12.2 Oracle Demantra Demand Management Version 12.2.10 Oracle Demantra Demand Management Version 12.2.11 Oracle Demantra Demand Management Version 12.2.12 Oracle Demantra Demand Management Version 12.2.7 Oracle Demantra Demand Management Version 12.2.8 Oracle Demantra Demand Management Version 12.2.9 OSS Support Tools(Diagnostic Assistant) Version 2.12.43 OSS Support Tools(Services Tools Bundle) Version 22.2.22.4.5 OSS Support Tools(RDA - Remote Diagnostic Agent) Version 22.4.22.10.18 OSS Support Tools(Services Tools Bundle) Version 22.4.22.10.18 Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version Prior to XCP2411 Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version prior to XCP3111 Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version prior to XCP4011 Oracle Solaris Version 10 Oracle Solaris Version 11 Oracle TimesTen In-Memory Database Version Prior to 11.2.2.8.65 Oracle Utilities Framework Version 4.3.0.5.0 Oracle Utilities Framework Version 4.3.0.6.0 Oracle Utilities Framework Version 4.4.0.0.0 Oracle Utilities Framework Version 4.4.0.2.0 Oracle Utilities Framework Version 4.4.0.3.0 Oracle Utilities Framework Version 4.5.0.0.0 Oracle Utilities Network Management System Version 2.3.0.2 Oracle Utilities Network Management System Version 2.4.0.1 Oracle Utilities Network Management System Version 2.5.0.0 Oracle Utilities Network Management System Version 2.5.0.0-2.5.0.2 Oracle Utilities Network Management System Version 2.5.0.1 Oracle Utilities Network Management System Version 2.5.0.2 Oracle VM VirtualBox Version Prior to 6.1.42 Oracle VM VirtualBox Version prior to 7.0.6 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Studio (Spring Data Commons)). The supported version that is affected is 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-1273 P-14121V-22.2.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.2.0 Vulnerability in the Oracle Healthcare Data Repository product of Oracle HealthCare Applications (component: FHIR Server (Spring Data Commons)). Supported versions that are affected are 8.1.0.0-8.1.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Data Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-1273 P-9161V-8.1.0.0-8.1.3.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Healthcare Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916773.1 P-9161V-8.1.0.0-8.1.3.1 Vulnerability in the Oracle Database (zlib) component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Oracle Database (zlib). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database (zlib). CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2018-25032 P-5(Oracle Database)V-19c P-5(Oracle Database)V-21c 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Oracle Database (zlib) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5(Oracle Database)V-19c P-5(Oracle Database)V-21c Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (zlib)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-25032 P-1042V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle HTTP Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-1042V-12.2.1.4.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Third Party Jars (jackson-databind)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-7489 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Commons Compress)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2019-12402 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0-2.5.0.2 0.0 Oracle Utilities Network Management System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915778.1 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0-2.5.0.2 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Installation (Apache POI)). Supported versions that are affected are Prior to 21.0.2.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle AutoVue executes to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle AutoVue accessible data. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-12415 P-4450V-Prior to 21.0.2.0 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Oracle AutoVue Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915508.1 P-4450V-Prior to 21.0.2.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Message Bus (Apache Log4j)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17571 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916530.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (libpng)). Supported versions that are affected are Prior to 21.0.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-7317 P-4450V-Prior to 21.0.2.6 5.3 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle AutoVue Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915508.1 P-4450V-Prior to 21.0.2.6 Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: Content Acquisition System (dom4j)). Supported versions that are affected are 2.3.0.2, 2.4.0.1, 2.5.0.0, 2.5.0.1 and 2.5.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Network Management System. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0 P-2241V-2.5.0.1 P-2241V-2.5.0.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Utilities Network Management System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915778.1 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0 P-2241V-2.5.0.1 P-2241V-2.5.0.2 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Hibernate Validator)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-10693 P-4647V-12.2.1.4.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-4647V-12.2.1.4.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Python)). The supported version that is affected is 22.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-10735 P-14121V-22.2.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.2.1 Vulnerability in the Oracle Database (Python) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via multiple protocols to compromise Oracle Database (Python). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database (Python). CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2020-10735 P-5(Oracle Database)V-21c 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Oracle Database (Python) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5(Oracle Database)V-21c Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client (Python)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. Note: CVE-2020-10735 is non-exploitable in MySQL Shell, because it is a flaw in Python that is distributed in the MySQL Shell and the affected module in Python is not a functional dependency in MySQL Shell. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-10735 P-8478V-8.0.31 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Shell Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-10735 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Security-in-Depth issue in the Perl component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-10878 P-9472V-Perl: Prior to 5.35 0.0 Perl Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-9472V-Perl: Prior to 5.35 Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: Installation (Apache Ant)). Supported versions that are affected are 2.3.0.2, 2.4.0.1, 2.5.0.0, 2.5.0.1 and 2.5.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Utilities Network Management System accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-11979 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0 P-2241V-2.5.0.1 P-2241V-2.5.0.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Utilities Network Management System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915778.1 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0 P-2241V-2.5.0.1 P-2241V-2.5.0.2 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data as well as unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). Security patch has been released CVE-2020-11987 P-4647V-12.2.1.4.0 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-4647V-12.2.1.4.0 Security-in-Depth issue in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: Stream Analytics (Apache ActiveMQ)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-13920 P-5370V-Prior to 19.1.0.0.8 0.0 GoldenGate Stream Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5370V-Prior to 19.1.0.0.8 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Apache HttpClient)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-13956 P-4647V-12.2.1.4.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-4647V-12.2.1.4.0 Vulnerability in the Oracle Stream Analytics product of Oracle GoldenGate (component: Stream Analytics (Apache HttpClient)). Supported versions that are affected are Prior to 19.1.0.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Stream Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Stream Analytics accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-13956 P-5370V-Prior to 19.1.0.0.8 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Oracle Stream Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5370V-Prior to 19.1.0.0.8 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Perl DBI)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-16156 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916530.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (OpenJPEG)). Supported versions that are affected are Prior to 21.0.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle AutoVue executes to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-27844 P-4451V-Prior to 21.0.2.6 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle AutoVue Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915508.1 P-4451V-Prior to 21.0.2.6 Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client (cryptography)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. Note: CVE-2020-36242 is non-exploitable in MySQL Shell, because it is a flaw in cryptography that is distributed in the MySQL Shell and the affected module in cryptography is not a functional dependency in MySQL Shell. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). Security patch has been released CVE-2020-36242 P-8478V-8.0.31 and prior 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MySQL Shell Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (jackson-databind)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-36518 P-9633V-11.3.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Commerce Guided Search Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916255.1 P-9633V-11.3.2 Vulnerability in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: GoldenGate Stream Analytics (jackson-databind)). Supported versions that are affected are Prior to 19.1.0.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise GoldenGate Stream Analytics. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of GoldenGate Stream Analytics. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-36518 P-14015V-Prior to 19.1.0.0.8 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H GoldenGate Stream Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-14015V-Prior to 19.1.0.0.8 Security-in-Depth issue in the Oracle SD-WAN Aware product of Oracle Communications (component: Management (PHP)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2021-21708 P-13941V-8.2.1.9.0 P-13941V-9.0.1.4.0 0.0 Oracle SD-WAN Aware Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2920552.1 P-13941V-8.2.1.9.0 P-13941V-9.0.1.4.0 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (UnderscoreJS)). Supported versions that are affected are 18.8, 19.12, 20.12, 21.12 and 22.12. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2021-23358 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 P-10354V-21.12 P-10354V-22.12 3.3 AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N Primavera Unifier Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917469.1 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 P-10354V-21.12 P-10354V-22.12 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-2351 P-11599V-9.1.0 8.3 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Oracle Hospitality Reporting and Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2913273.1 P-11599V-9.1.0 Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Commons IO)). Supported versions that are affected are 2.3.0.2, 2.4.0.1 and 2.5.0.0-2.5.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Network Management System accessible data as well as unauthorized read access to a subset of Oracle Utilities Network Management System accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2021-29425 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0-2.5.0.2 4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Oracle Utilities Network Management System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915778.1 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0-2.5.0.2 Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Struts)). The supported version that is affected is 11.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-31805 P-4392V-11.2.10 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Hyperion Infrastructure Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2775466.2 P-4392V-11.2.10 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (Apache PDFBox)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebCenter Sites executes to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-31812 P-9617V-12.2.1.4.0 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle WebCenter Sites Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-9617V-12.2.1.4.0 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-36090 P-4647V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-4647V-12.2.1.4.0 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: FMS Suite (DevExpress)). The supported version that is affected is 20.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-36483 P-11607V-20.2.2 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Hospitality Cruise Shipboard Property Management System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917992.1 P-11607V-20.2.2 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Perl)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Middleware Common Libraries and Tools executes to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-36770 P-4647V-12.2.1.4.0 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-4647V-12.2.1.4.0 Vulnerability in the Oracle Database - Machine Learning for Python (Python) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Database User privilege with network access via Oracle Net to compromise Oracle Database - Machine Learning for Python (Python). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database - Machine Learning for Python (Python). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-3737 P-5(Oracle Database - Machine Learning for Python)V-21c 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Database - Machine Learning for Python (Python) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5(Oracle Database - Machine Learning for Python)V-21c Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant (Apache Commons Net)). The supported version that is affected is 2.12.43. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-37533 P-1330(Diagnostic Assistant)V-2.12.43 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N OSS Support Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919775.1 P-1330(Diagnostic Assistant)V-2.12.43 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: RDA - Remote Diagnostic Agent (Apache Commons Net)). The supported version that is affected is 22.4.22.10.18. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-37533 P-1330(RDA - Remote Diagnostic Agent)V-22.4.22.10.18 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N OSS Support Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919775.1 P-1330(RDA - Remote Diagnostic Agent)V-22.4.22.10.18 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Services Tools Bundle (Apache Commons Net)). The supported version that is affected is 22.4.22.10.18. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-37533 P-1330(Services Tools Bundle)V-22.4.22.10.18 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N OSS Support Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919775.1 P-1330(Services Tools Bundle)V-22.4.22.10.18 Security-in-Depth issue in the Oracle Database (MIT Kerberos KDC) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2021-37750 P-5(Oracle Database)V-19c P-5(Oracle Database)V-21c 0.0 Oracle Database (MIT Kerberos KDC) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5(Oracle Database)V-19c P-5(Oracle Database)V-21c Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Chatbot Framework (JSON Schema)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise CC Common Application Objects. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-3918 P-8911V-9.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H PeopleSoft Enterprise CC Common Application Objects Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-8911V-9.2 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (JSON Schema)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-3918 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Libgcrypt)). The supported version that is affected is 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-40528 P-14121V-22.2.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.2.0 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Engagement (jQuery UI)). Supported versions that are affected are 18.2.11 and 19.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-41184 P-11594V-18.2.11 P-11594V-19.3.4 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Hospitality Simphony Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2913296.1 P-11594V-18.2.11 P-11594V-19.3.4 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Rulesets (XStream)). Supported versions that are affected are 7.4.0, 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-41411 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 P-4516V-7.5.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916531.1 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 P-4516V-7.5.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (ModSecurity)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-42717 P-1042V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle HTTP Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-1042V-12.2.1.4.0 Vulnerability in the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications (component: Security (Netty)). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Elastic Charging Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Elastic Charging Engine accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). Security patch has been released CVE-2021-43797 P-9742V-12.0.0.3.0-12.0.0.7.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Oracle Communications Elastic Charging Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916540.1 P-9742V-12.0.0.3.0-12.0.0.7.0 Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Netty)). Supported versions that are affected are 2.5.0.1 and 2.5.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Utilities Network Management System accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). Security patch has been released CVE-2021-43797 P-2241V-2.5.0.1 P-2241V-2.5.0.2 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Oracle Utilities Network Management System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915778.1 P-2241V-2.5.0.1 P-2241V-2.5.0.2 Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security (Apache Log4j)). Supported versions that are affected are 12.2.7, 12.2.8, 12.2.9, 12.2.10, 12.2.11 and 12.2.12. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in takeover of Oracle Demantra Demand Management. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-44832 P-2100V-12.2.7 P-2100V-12.2.8 P-2100V-12.2.9 P-2100V-12.2.10 P-2100V-12.2.11 P-2100V-12.2.12 6.6 AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Oracle Demantra Demand Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915508.1 P-2100V-12.2.7 P-2100V-12.2.8 P-2100V-12.2.9 P-2100V-12.2.10 P-2100V-12.2.11 P-2100V-12.2.12 Vulnerability in the Oracle Hospitality Gift and Loyalty product of Oracle Food and Beverage Applications (component: Reporting (Apache Log4j)). The supported version that is affected is 9.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Hospitality Gift and Loyalty. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Gift and Loyalty. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-44832 P-11600V-9.1.0 6.6 AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Oracle Hospitality Gift and Loyalty Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2913273.1 P-11600V-9.1.0 Vulnerability in the Oracle Hospitality Labor Management product of Oracle Food and Beverage Applications (component: Reporting (Apache Log4j)). The supported version that is affected is 9.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Hospitality Labor Management. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Labor Management. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-44832 P-11601V-9.1.0 6.6 AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Oracle Hospitality Labor Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2913273.1 P-11601V-9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting (Apache Log4j)). The supported version that is affected is 9.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-44832 P-11599V-9.1.0 6.6 AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Oracle Hospitality Reporting and Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2913273.1 P-11599V-9.1.0 Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing (Apache Log4j)). Supported versions that are affected are 22.10 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-44832 P-8974V-22.10 and prior 6.6 AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Siebel Apps - Marketing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915482.1 P-8974V-22.10 and prior Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Log4j)). Supported versions that are affected are 2.3.0.2, 2.4.0.1 and 2.5.0.0-2.5.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Network Management System. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-45105 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0-2.5.0.2 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Utilities Network Management System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915778.1 P-2241V-2.3.0.2 P-2241V-2.4.0.1 P-2241V-2.5.0.0-2.5.0.2 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (xnio-api)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-0084 P-14250V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919017.1 P-14250V-22.3.0 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Kernel)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-0492 P-10899V-8.6.0.0 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919053.1 P-10899V-8.6.0.0 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Oracle Linux 8 (dnsmasq)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-0934 P-14125V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Function Cloud Native Environment Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919019.1 P-14125V-22.3.0 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (OpenJPEG)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-1122 P-2276V-8.5.6 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-2276V-8.5.6 Security-in-Depth issue in the Spatial and Graph (OpenJPEG) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-1122 P-619V-19c P-619V-21c 0.0 Spatial and Graph (OpenJPEG) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-619V-19c P-619V-21c Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (e2fsprogs)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Exposure Function executes to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-1304 P-14122V-22.3.1 P-14122V-22.4.0 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Network Exposure Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919018.1 P-14122V-22.3.1 P-14122V-22.4.0 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installation and Configuration (e2fsprogs)). Supported versions that are affected are 22.4.0 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Security Edge Protection Proxy executes to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-1304 P-14123V-22.4.0 P-14123V-22.3.1 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Security Edge Protection Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919045.1 P-14123V-22.4.0 P-14123V-22.3.1 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (Undertow)). The supported version that is affected is 22.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-1319 P-14118V-22.3.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Repository Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919001.1 P-14118V-22.3.2 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python (Python)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-1941 P-8576V-8.0.31 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Connectors Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8576V-8.0.31 and prior Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Signaling (Eclipse Jetty)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-2048 P-14121V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.3.0 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Eclipse Jetty)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-2048 P-14277V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919044.1 P-14277V-22.3.0 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (Eclipse Jetty)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Crime and Compliance Management Studio. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-2048 P-13595V-8.0.8.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Crime and Compliance Management Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917625.1 P-13595V-8.0.8.3.1 Security-in-Depth issue in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: GoldenGate Stream Analytics (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-2048 P-14015V-Prior to 19.1.0.0.8 0.0 GoldenGate Stream Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-14015V-Prior to 19.1.0.0.8 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Signaling (Undertow)). Supported versions that are affected are 22.3.0-22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-2053 P-14121V-22.3.0-22.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.3.0-22.4.0 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (undertow-core)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-2053 P-14250V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919017.1 P-14250V-22.3.0 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Signaling (Undertow)). Supported versions that are affected are 22.3.0 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-2053 P-14277V-22.3.0 P-14277V-22.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919044.1 P-14277V-22.3.0 P-14277V-22.4.0 Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-21597 P-5(GraalVM Multilingual Engine)V-21c 0.0 GraalVM Multilingual Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5(GraalVM Multilingual Engine)V-21c Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (MySQL)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2022-21824 P-14121V-22.3.0 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.3.0 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (MySQL)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2022-21824 P-14277V-22.3.0 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919044.1 P-14277V-22.3.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-2274 P-1042V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle HTTP Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-1042V-12.2.1.4.0 Vulnerability in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). The supported version that is affected is 21.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Essbase. Successful attacks of this vulnerability can result in takeover of Oracle Essbase. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-2274 P-4379V-21.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-4379V-21.4 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server Infrastructure (OpenSSL)). Supported versions that are affected are 22.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Siebel CRM. Successful attacks of this vulnerability can result in takeover of Siebel CRM. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-2274 P-9001V-22.10 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Siebel CRM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915482.1 P-9001V-22.10 and prior Security-in-Depth issue in the Management Pack for Oracle GoldenGate product of Oracle GoldenGate (component: Monitor (Spring Framework)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-22950 P-5759V-Prior to 12.2.1.2.221115 0.0 Management Pack for Oracle GoldenGate Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5759V-Prior to 12.2.1.2.221115 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Spring Framework)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Guided Search. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-22965 P-9633V-11.3.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Commerce Guided Search Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916255.1 P-9633V-11.3.2 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Signaling (Spring Framework)). The supported version that is affected is 1.11.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22970 P-14277V-1.11.0 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919044.1 P-14277V-1.11.0 Vulnerability in the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications (component: Security (Spring Framework)). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Elastic Charging Engine. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22971 P-9742V-12.0.0.3.0-12.0.0.7.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Elastic Charging Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916540.1 P-9742V-12.0.0.3.0-12.0.0.7.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Spring Framework)). Supported versions that are affected are 22.3.2 and 22.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22971 P-14121V-22.3.2 P-14121V-22.2.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.3.2 P-14121V-22.2.0 Vulnerability in the Oracle Communications Diameter Intelligence Hub product of Oracle Communications (component: Mediation (Spring Framework)). The supported version that is affected is 8.2.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Intelligence Hub. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Intelligence Hub. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22971 P-11126V-8.2.3.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Diameter Intelligence Hub Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919022.1 P-11126V-8.2.3.0 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: TMF APIs (Spring Framework)). Supported versions that are affected are 7.4.0, 7.4.1 and 7.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22971 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916531.1 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 Security-in-Depth issue in the GoldenGate Veridata product of Oracle GoldenGate (component: GoldenGate Veridata (Spring Framework)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-22971 P-5758V-Prior to 12.2.1.4.220831 0.0 GoldenGate Veridata Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5758V-Prior to 12.2.1.4.220831 Vulnerability in the Oracle Healthcare Data Repository product of Oracle HealthCare Applications (component: FHIR Server (Spring Framework)). Supported versions that are affected are 8.1.0.0-8.1.3.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Data Repository. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22971 P-9161V-8.1.0.0-8.1.3.1 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Healthcare Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916773.1 P-9161V-8.1.0.0-8.1.3.1 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: Data Studio (Spring Framework)). Supported versions that are affected are 4.1.0.0-4.1.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22971 P-9427V-4.1.0.0-4.1.1.1 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Healthcare Translational Research Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916773.1 P-9427V-4.1.0.0-4.1.1.1 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Framework)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-22971 P-8480V-8.0.32 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MySQL Enterprise Monitor Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8480V-8.0.32 and prior Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Message Bus (Spring Security)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-22978 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916530.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (glibc)). Supported versions that are affected are Prior to XCP2411, prior to XCP3111 and prior to XCP4011. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. Successful attacks of this vulnerability can result in takeover of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-23219 P-10656V-Prior to XCP2411 P-10656V-prior to XCP3111 P-10656V-prior to XCP4011 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2920776.1 P-10656V-Prior to XCP2411 P-10656V-prior to XCP3111 P-10656V-prior to XCP4011 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: Data Studio (H2 Database)). Supported versions that are affected are 4.1.0.0-4.1.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-23221 P-9427V-4.1.0.0-4.1.1.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Healthcare Translational Research Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916773.1 P-9427V-4.1.0.0-4.1.1.1 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core (Apache Log4j)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-23305 P-2545V-14.1.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Coherence Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-2545V-14.1.1.0.0 Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (Apache Xerces-J)). Supported versions that are affected are 12.4.0-12.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-23437 P-5477V-12.4.0-12.7.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Documaker Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2918819.1 P-5477V-12.4.0-12.7.0 Vulnerability in the Oracle Health Sciences Empirica Signal product of Oracle Health Sciences Applications (component: Core (Enterprise Security API)). Supported versions that are affected are 9.1.0.52 and 9.2.0.52. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences Empirica Signal. Successful attacks of this vulnerability can result in takeover of Oracle Health Sciences Empirica Signal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-23457 P-9646V-9.1.0.52 P-9646V-9.2.0.52 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Health Sciences Empirica Signal Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916626.1 P-9646V-9.1.0.52 P-9646V-9.2.0.52 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Enterprise Security API)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-23457 P-4647V-12.2.1.4.0 7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-4647V-12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Analytics. Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2022-24329 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917214.2 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Cyrus SASL)). The supported version that is affected is 22.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-24407 P-14121V-22.2.1 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.2.1 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (Cyrus SASL)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-24407 P-8576(Connector/C++)V-8.0.31 and prior 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MySQL Connectors Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8576(Connector/C++)V-8.0.31 and prior Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (Cyrus SASL)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-24407 P-8576(Connector/ODBC)V-8.0.31 and prior 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MySQL Connectors Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8576(Connector/ODBC)V-8.0.31 and prior Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (Netty)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Enterprise Default Management executes to compromise Oracle Banking Enterprise Default Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Enterprise Default Management accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-24823 P-13390V-2.7.0 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Oracle Banking Enterprise Default Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917336.1 P-13390V-2.7.0 Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (Netty)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Party Management executes to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Party Management accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-24823 P-13929V-2.7.0 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Oracle Banking Party Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917336.1 P-13929V-2.7.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Netty)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-24823 P-14121V-22.3.0 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.3.0 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (NekoHTML)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-24839 P-4461V-9.3.6 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Agile PLM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915508.1 P-4461V-9.3.6 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Multiple)). The supported version that is affected is 8.6.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SYSLOG to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-24903 P-10899V-8.6.0.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919053.1 P-10899V-8.6.0.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Oracle Linux)). Supported versions that are affected are 22.2.0, 22.2.2 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-2509 P-14121V-22.2.0 P-14121V-22.2.2 P-14121V-22.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.2.0 P-14121V-22.2.2 P-14121V-22.3.1 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Expat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-25236 P-1042V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle HTTP Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-1042V-12.2.1.4.0 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (systemd-libs)). Supported versions that are affected are 22.2.2, 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-2526 P-14488V-22.2.2 P-14488V-22.3.1 P-14488V-22.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Automated Test Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919015.1 P-14488V-22.2.2 P-14488V-22.3.1 P-14488V-22.4.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (LibExpat)). The supported version that is affected is 22.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-25315 P-14121V-22.2.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.2.4 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Analytics. Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917214.2 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Google Gson)). Supported versions that are affected are 22.2.2, 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-14488V-22.2.2 P-14488V-22.3.1 P-14488V-22.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Automated Test Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919015.1 P-14488V-22.2.2 P-14488V-22.3.1 P-14488V-22.4.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Google Gson)). The supported version that is affected is 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-14121V-22.2.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.2.0 Vulnerability in the Oracle Communications Performance Intelligence Center (PIC) Software product of Oracle Communications (component: Management (Google Gson)). The supported version that is affected is 10.4.0.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Performance Intelligence Center (PIC) Software. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Performance Intelligence Center (PIC) Software. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-11044V-10.4.0.4.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Performance Intelligence Center (PIC) Software Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2920603.1 P-11044V-10.4.0.4.1 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: REST API (Google Gson)). Supported versions that are affected are 7.4.0, 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 P-4516V-7.5.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916531.1 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 P-4516V-7.5.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console (Google Gson)). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-1370V-13.4.0.0 P-1370V-13.5.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Enterprise Manager Base Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906900.1 P-1370V-13.4.0.0 P-1370V-13.5.0.0 Vulnerability in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: GoldenGate Stream Analytics (Google Gson)). Supported versions that are affected are Prior to 19.1.0.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise GoldenGate Stream Analytics. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of GoldenGate Stream Analytics. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-14015V-Prior to 19.1.0.0.8 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H GoldenGate Stream Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-14015V-Prior to 19.1.0.0.8 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (Google GSON)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25647 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Security-in-Depth issue in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: EAI Manager (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-25857 P-2136(EAI Manager)V-12.0.0.4.0-12.0.0.7.0 0.0 Oracle Communications Billing and Revenue Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916540.1 P-2136(EAI Manager)V-12.0.0.4.0-12.0.0.7.0 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: REST Services Manager (SnakeYaml)). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25857 P-2136(REST Services Manager)V-12.0.0.4.0-12.0.0.7.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Billing and Revenue Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916540.1 P-2136(REST Services Manager)V-12.0.0.4.0-12.0.0.7.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Signaling (SnakeYAML)). The supported version that is affected is 22.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25857 P-14121V-22.2.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.2.2 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Cloud Manager (SnakeYAML)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-25857 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (Apache POI)). Supported versions that are affected are Prior to 9.2.7.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-26336 P-4781V-Prior to 9.2.7.2 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915506.1 P-4781V-Prior to 9.2.7.2 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (FreeType)). The supported version that is affected is 22.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-27404 P-14121V-22.2.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.2.1 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Oracle Linux 8 (FreeType)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-27404 P-14125V-22.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Network Function Cloud Native Environment Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919019.1 P-14125V-22.3.0 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (FreeType)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-27404 P-2276V-8.5.6 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-2276V-8.5.6 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (cURL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-27782 P-1042V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle HTTP Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-1042V-12.2.1.4.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (cURL)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-27782 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (libxml2)). The supported version that is affected is 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-29824 P-14121V-22.2.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.2.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (libxml2)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-29824 P-1042V-12.2.1.4.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle HTTP Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-1042V-12.2.1.4.0 Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: ISC (Apache Tika)). The supported version that is affected is 8.1.0.20.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Messaging Server executes to compromise Oracle Communications Messaging Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-30126 P-8496V-8.1.0.20.0 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Oracle Communications Messaging Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916529.1 P-8496V-8.1.0.20.0 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (Kernel)). The supported version that is affected is 8.6.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-3028 P-10899V-8.6.0.0 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919053.1 P-10899V-8.6.0.0 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (WebKitGTK)). Supported versions that are affected are 22.3.3 and 22.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-30293 P-14119V-22.3.3 P-14119V-22.4.0 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Unified Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919035.1 P-14119V-22.3.3 P-14119V-22.4.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Moment.js)). Supported versions that are affected are 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-31129 P-14121V-22.1.0 P-14121V-22.2.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.1.0 P-14121V-22.2.0 Security-in-Depth issue in Oracle Graph Server and Client (component: PGX Java Client (Moment.js)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-31129 P-14069V-Prior to 22.4.0 0.0 Oracle Graph Server and Client Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-14069V-Prior to 22.4.0 Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Moment)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-31129 P-4379V-21.4 0.0 Oracle Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-4379V-21.4 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Moment.js)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-31129 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (PHP)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-31629 P-10899V-8.6.0.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919053.1 P-10899V-8.6.0.0 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Spring Security)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31692 P-14250V-22.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919017.1 P-14250V-22.3.0 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Spring Security)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31692 P-14122V-22.3.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Network Exposure Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919018.1 P-14122V-22.3.1 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (Spring Security crypto)). The supported version that is affected is 22.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31692 P-14118V-22.3.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Network Repository Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919001.1 P-14118V-22.3.2 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Spring Security)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31692 P-14277V-22.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919044.1 P-14277V-22.3.0 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Spring Security)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31692 P-14123V-22.3.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Security Edge Protection Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919045.1 P-14123V-22.3.1 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: REST API (Spring Security)). Supported versions that are affected are 7.4.0, 7.4.1 and 7.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31692 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916531.1 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Security)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31692 P-8480V-8.0.32 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MySQL Enterprise Monitor Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8480V-8.0.32 and prior Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Google Protobuf-Java)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-14121V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.3.0 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Google Protobuf-Java)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-14250V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919017.1 P-14250V-22.3.0 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Google Protobuf-Java)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-14122V-22.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Exposure Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919018.1 P-14122V-22.3.1 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (Google Protobuf-Java)). The supported version that is affected is 22.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-14118V-22.3.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Repository Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919001.1 P-14118V-22.3.2 Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Platform (Google Protobuf-Java)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-14130V-22.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Slice Selection Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919002.1 P-14130V-22.3.1 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Google Protobuf-Java)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-14123V-22.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Security Edge Protection Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919045.1 P-14123V-22.3.1 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Google Protobuf-Java)). Supported versions that are affected are 22.2.2 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-14119V-22.2.2 P-14119V-22.3.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Unified Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919035.1 P-14119V-22.2.2 P-14119V-22.3.3 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Policy (Google Protobuf-Java)). Supported versions that are affected are 7.4.0-7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-4516V-7.4.0-7.4.2 P-4516V-7.5.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916531.1 P-4516V-7.4.0-7.4.2 P-4516V-7.5.0 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (Google Protobuf-Java)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Crime and Compliance Management Studio. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-13595V-8.0.8.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Crime and Compliance Management Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917625.1 P-13595V-8.0.8.3.1 Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Install (Google Protobuf-Java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Fusion Middleware MapViewer. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-1215V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Fusion Middleware MapViewer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-1215V-12.2.1.4.0 Security-in-Depth issue in Oracle Graph Server and Client (component: Packaging/install (Google Protobuf-Java)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-3171 P-14069V-Prior to 23.1.0 0.0 Oracle Graph Server and Client Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-14069V-Prior to 23.1.0 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Net (Google Protobuf-Java)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-8576V-8.0.31 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Connectors Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8576V-8.0.31 and prior Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Google Protobuf-Java)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3171 P-10605V-18.8.0-18.8.15 P-10605V-19.12.0-19.12.15 P-10605V-20.12.0-20.12.10 P-10605V-21.12.0-21.12.8 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Primavera Gateway Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917469.1 P-10605V-18.8.0-18.8.15 P-10605V-19.12.0-19.12.15 P-10605V-20.12.0-20.12.10 P-10605V-21.12.0-21.12.8 Security-in-Depth issue in Oracle Spatial Studio (component: Oracle Spatial Studio (Google Protobuf-Java)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-3171 P-13600V-Prior to 22.3.0 0.0 Oracle Spatial Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-13600V-Prior to 22.3.0 Security-in-Depth issue in the Spatial and Graph Mapviewer (Google Protobuf-Java) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-3171 P-619V-19c P-619V-21c 0.0 Spatial and Graph Mapviewer (Google Protobuf-Java) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-619V-19c P-619V-21c Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Update Provisioning (Apache HTTP Server)). The supported version that is affected is 12.4.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Enterprise Manager Ops Center executes to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center. CVSS 3.1 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31813 P-9835V-12.4.0.0 6.4 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Enterprise Manager Ops Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906900.1 P-9835V-12.4.0.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-31813 P-1042V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle HTTP Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-1042V-12.2.1.4.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: User Interface (Node.js)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-32212 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916530.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (cURL)). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-32221 P-8478V-5.7.40 and prior P-8478V-8.0.31 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-5.7.40 and prior P-8478V-8.0.31 and prior Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (Apache Commons Configuration)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Enterprise Default Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Enterprise Default Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-33980 P-13390V-2.7.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Banking Enterprise Default Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917336.1 P-13390V-2.7.0 Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (Apache Commons Configuration)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Party Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-33980 P-13929V-2.7.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Banking Party Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917336.1 P-13929V-2.7.0 Vulnerability in the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications (component: Cloud native deployment (Apache Commons Configuration)). Supported versions that are affected are 12.0.0.5.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Elastic Charging Engine. Successful attacks of this vulnerability can result in takeover of Oracle Communications Elastic Charging Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-33980 P-9742V-12.0.0.5.0-12.0.0.7.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Elastic Charging Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916540.1 P-9742V-12.0.0.5.0-12.0.0.7.0 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (Apache Commons Configuration)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Crime and Compliance Management Studio. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-33980 P-13595V-8.0.8.3.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Financial Services Crime and Compliance Management Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917625.1 P-13595V-8.0.8.3.1 Security-in-Depth issue in Oracle Graph Server and Client (component: Oracle Graph Server (Apache Commons Configuration)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-33980 P-14069V-Prior to 22.4.0 0.0 Oracle Graph Server and Client Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-14069V-Prior to 22.4.0 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Application Server (Apache Xalan-J)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-34169 P-4461V-9.3.6 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Agile PLM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915508.1 P-4461V-9.3.6 Vulnerability in the Management Cloud Engine product of Oracle Communications (component: Backend Server (Apache Tomcat)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Management Cloud Engine, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Management Cloud Engine accessible data as well as unauthorized read access to a subset of Management Cloud Engine accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-34305 P-14252V-22.1.0.0.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Management Cloud Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919078.1 P-14252V-22.1.0.0.0 Vulnerability in the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications (component: Security (Apache Kafka)). Supported versions that are affected are 12.0.0.5.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Elastic Charging Engine. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-34917 P-9742V-12.0.0.5.0-12.0.0.7.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Elastic Charging Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916540.1 P-9742V-12.0.0.5.0-12.0.0.7.0 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Event Streams and Communications (Apache Kafka)). Supported versions that are affected are 18.8, 19.12, 20.12, 21.12 and 22.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-34917 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 P-10354V-21.12 P-10354V-22.12 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Primavera Unifier Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917469.1 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 P-10354V-21.12 P-10354V-22.12 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Google Protobuf-Java)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-3510 P-14277V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919044.1 P-14277V-22.3.0 Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: IMAP (NSS)). The supported version that is affected is 8.1.0.20.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-35737 P-8496V-8.1.0.20.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Messaging Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916529.1 P-8496V-8.1.0.20.0 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (jsoup)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Management Studio, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Management Studio accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Management Studio accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2022-36033 P-13595V-8.0.8.3.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Oracle Financial Services Crime and Compliance Management Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917625.1 P-13595V-8.0.8.3.1 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Helm)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-36055 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916530.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (zlib)). The supported version that is affected is 22.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-14121V-22.1.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.1.1 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (zlib)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-14123V-22.3.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Security Edge Protection Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919045.1 P-14123V-22.3.1 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (zlib)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-10899V-8.6.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919053.1 P-10899V-8.6.0.0 Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (zlib)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-4627V-8.0.31 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MySQL Workbench Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-4627V-8.0.31 and prior Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (zlib)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-2276V-8.5.6 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-2276V-8.5.6 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PeopleSoft CDA (zlib)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37434 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-5085V-8.58 P-5085V-8.59 P-5085V-8.60 Vulnerability in Oracle TimesTen In-Memory Database (component: In-Memory Database (zlib)). Supported versions that are affected are Prior to 11.2.2.8.65. Easily exploitable vulnerability allows low privileged attacker with network access via Oracle Net to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-37434 P-1870V-Prior to 11.2.2.8.65 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle TimesTen In-Memory Database Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-1870V-Prior to 11.2.2.8.65 Security-in-Depth issue in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core (zlib)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-37434 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 0.0 Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919776.1 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: User Interface (PHP)). Supported versions that are affected are 5.5.0-5.5.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-37454 P-14597V-5.5.0-5.5.9 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916530.1 P-14597V-5.5.0-5.5.9 Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (SnakeYAML)). The supported version that is affected is 2.6.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Enterprise Default Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Enterprise Default Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-38752 P-13390V-2.6.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Banking Enterprise Default Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917336.1 P-13390V-2.6.2 Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (SnakeYAML)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Party Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-38752 P-13929V-2.7.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Banking Party Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917336.1 P-13929V-2.7.0 Security-in-Depth issue in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Big Data Graph (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-38752 P-11528V-Prior to 21.4.3 0.0 Big Data Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-11528V-Prior to 21.4.3 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (SnakeYAML)). Supported versions that are affected are 22.2.2, 22.3.1 and 22.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-38752 P-14488V-22.2.2 P-14488V-22.3.1 P-14488V-22.4.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Automated Test Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919015.1 P-14488V-22.2.2 P-14488V-22.3.1 P-14488V-22.4.0 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (SnakeYAML)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-38752 P-14118V-22.3.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Repository Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919001.1 P-14118V-22.3.0 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Signaling (SnakeYAML)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-38752 P-14277V-22.3.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919044.1 P-14277V-22.3.0 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (SnakeYAML)). Supported versions that are affected are 22.3.4 and 22.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-38752 P-14119V-22.3.4 P-14119V-22.2.3 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Unified Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919035.1 P-14119V-22.3.4 P-14119V-22.2.3 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (SnakeYAML)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-38752 P-10899V-8.6.0.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919053.1 P-10899V-8.6.0.0 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Signaling (SnakeYAML)). The supported version that is affected is 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-38752 P-4516V-7.5.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916531.1 P-4516V-7.5.0 Security-in-Depth issue in Oracle Graph Server and Client (component: Packaging/install (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-38752 P-14069V-Prior to 21.4.3 0.0 Oracle Graph Server and Client Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-14069V-Prior to 21.4.3 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Cloud Native (Traefik)). The supported version that is affected is 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-39271 P-4516V-7.5.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916531.1 P-4516V-7.5.0 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2022-39429 P-5(Java VM)V-19c P-5(Java VM)V-21c 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Java VM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5(Java VM)V-19c P-5(Java VM)V-21c Vulnerability in the Oracle Communications MetaSolv Solution product of Oracle Communications Applications (component: Utilities (Apache Batik)). The supported version that is affected is 6.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications MetaSolv Solution. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications MetaSolv Solution accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-40146 P-2267V-6.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Communications MetaSolv Solution Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916548.1 P-2267V-6.3.1 Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Install (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-40146 P-1215V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Fusion Middleware MapViewer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-1215V-12.2.1.4.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (Jettison)). The supported version that is affected is 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-40149 P-5085V-8.58 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-5085V-8.58 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager (Jettison)). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-40150 P-2136V-12.0.0.4.0-12.0.0.7.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Billing and Revenue Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916540.1 P-2136V-12.0.0.4.0-12.0.0.7.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Third Party Jars (Jettison)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-40150 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Third Party Jars (XStream)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-40153 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Oracle Linux (libxml2)). Supported versions that are affected are 22.3.1 and 22.4.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Slice Selection Function executes to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-40304 P-14130V-22.3.1 P-14130V-22.4.1 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Network Slice Selection Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919002.1 P-14130V-22.3.1 P-14130V-22.4.1 Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (libxml2)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Workbench executes to compromise MySQL Workbench. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Workbench. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-40304 P-4627V-8.0.31 and prior 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MySQL Workbench Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-4627V-8.0.31 and prior Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (Apache Shiro)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-40664 P-9617V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle WebCenter Sites Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-9617V-12.2.1.4.0 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Quarkus)). Supported versions that are affected are 22.3.0 and 22.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-4147 P-14250V-22.3.0 P-14250V-22.4.0 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919017.1 P-14250V-22.3.0 P-14250V-22.4.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Go)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2022-41720 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916530.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Netty)). Supported versions that are affected are 22.3.0 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-41881 P-14250V-22.3.0 P-14250V-22.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919017.1 P-14250V-22.3.0 P-14250V-22.4.0 Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (jackson-databind)). Supported versions that are affected are 2.7.1 and 2.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Enterprise Default Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Enterprise Default Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-13390V-2.7.1 P-13390V-2.12.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Enterprise Default Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917336.1 P-13390V-2.7.1 P-13390V-2.12.0 Vulnerability in the Oracle Banking Loans Servicing product of Oracle Financial Services Applications (component: Web UI (jackson-databind)). Supported versions that are affected are 2.8.0 and 2.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Loans Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Loans Servicing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-13927V-2.8.0 P-13927V-2.12.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Loans Servicing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917336.1 P-13927V-2.8.0 P-13927V-2.12.0 Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (jackson-databind)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Party Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-13929V-2.7.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Party Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917336.1 P-13929V-2.7.0 Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (jackson-databind)). Supported versions that are affected are 2.6.2, 2.7.1, 2.9.0 and 2.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-9178V-2.6.2 P-9178V-2.7.1 P-9178V-2.9.0 P-9178V-2.12.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Banking Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917336.1 P-9178V-2.6.2 P-9178V-2.7.1 P-9178V-2.9.0 P-9178V-2.12.0 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care, BOC, DM Kafka, REST API (jackson-databind)). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-2136V-12.0.0.4.0-12.0.0.7.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Billing and Revenue Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916540.1 P-2136V-12.0.0.4.0-12.0.0.7.0 Vulnerability in the Oracle Communications Calendar Server product of Oracle Communications Applications (component: Calendar Server (jackson-databind)). The supported version that is affected is 8.0.0.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Calendar Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Calendar Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-8494V-8.0.0.6.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Calendar Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916529.1 P-8494V-8.0.0.6.0 Security-in-Depth issue in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (jackson-databind)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-42003 P-14121V-22.3.0 P-14121V-22.4.0 0.0 Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.3.0 P-14121V-22.4.0 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (jackson-databind)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-14250V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919017.1 P-14250V-22.3.0 Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: REST API (jackson-databind)). The supported version that is affected is 22.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Data Analytics Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-14489V-22.0.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Data Analytics Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2920604.1 P-14489V-22.0.0.0.0 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (jackson-databind)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-14122V-22.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Exposure Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919018.1 P-14122V-22.3.1 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (jackson-databind)). The supported version that is affected is 22.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-14118V-22.3.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Repository Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919001.1 P-14118V-22.3.2 Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Platform (jackson-databind)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-14130V-22.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Network Slice Selection Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919002.1 P-14130V-22.3.1 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (jackson-databind)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-14123V-22.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Security Edge Protection Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919045.1 P-14123V-22.3.1 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (jackson-databind)). Supported versions that are affected are 22.2.2 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-14119V-22.2.2 P-14119V-22.3.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Cloud Native Core Unified Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919035.1 P-14119V-22.2.2 P-14119V-22.3.3 Vulnerability in the Oracle Communications Contacts Server product of Oracle Communications Applications (component: Contact Server (jackson-databind)). The supported version that is affected is 8.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Contacts Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Contacts Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-10696V-8.0.0.7.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Contacts Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916529.1 P-10696V-8.0.0.7.0 Vulnerability in the Oracle Communications Diameter Intelligence Hub product of Oracle Communications (component: Mediation (jackson-databind)). The supported version that is affected is 8.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Intelligence Hub. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Intelligence Hub. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-11126V-8.2.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Diameter Intelligence Hub Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919022.1 P-11126V-8.2.3.0 Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications Applications (component: DBPlugin (jackson-databind)). The supported version that is affected is 10.0.1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Instant Messaging Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-8495V-10.0.1.6.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Instant Messaging Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916529.1 P-8495V-10.0.1.6.0 Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: ISC (jackson-databind)). The supported version that is affected is 8.1.0.20.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-8496V-8.1.0.20.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Messaging Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916529.1 P-8496V-8.1.0.20.0 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: REST Service Manager (jackson-databind)). Supported versions that are affected are 12.0.0.5.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-9437V-12.0.0.5.0-12.0.0.7.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Pricing Design Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916540.1 P-9437V-12.0.0.5.0-12.0.0.7.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Message Bus (jackson-databind)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916530.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Others (jackson-databind)). Supported versions that are affected are 7.4.0, 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 P-4516V-7.5.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916531.1 P-4516V-7.4.0 P-4516V-7.4.1 P-4516V-7.4.2 P-4516V-7.5.0 Vulnerability in the Oracle Database Fleet Patching (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Database Fleet Patching (jackson-databind). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Fleet Patching (jackson-databind). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-5(Oracle Database Fleet Patching)V-19c P-5(Oracle Database Fleet Patching)V-21c 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle Database Fleet Patching (jackson-databind) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5(Oracle Database Fleet Patching)V-19c P-5(Oracle Database Fleet Patching)V-21c Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (jackson-databind)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Crime and Compliance Management Studio. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-13595V-8.0.8.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Financial Services Crime and Compliance Management Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917625.1 P-13595V-8.0.8.3.1 Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues (jackson-databind)). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Global Lifecycle Management NextGen OUI Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-12738V-Prior to 13.9.4.2.11 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Global Lifecycle Management NextGen OUI Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-12738V-Prior to 13.9.4.2.11 Vulnerability in the Oracle Health Sciences Empirica Signal product of Oracle Health Sciences Applications (component: Core (jackson-databind)). Supported versions that are affected are 9.1.0.52 and 9.2.0.52. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences Empirica Signal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Health Sciences Empirica Signal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-9646V-9.1.0.52 P-9646V-9.2.0.52 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Health Sciences Empirica Signal Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916626.1 P-9646V-9.1.0.52 P-9646V-9.2.0.52 Vulnerability in the Management Cloud Engine product of Oracle Communications (component: Security (jackson-databind)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Management Cloud Engine. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-14252V-22.1.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Management Cloud Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919078.1 P-14252V-22.1.0.0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (jackson-databind)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-5085V-8.59 P-5085V-8.60 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-5085V-8.59 P-5085V-8.60 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (jackson-databind)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-10605V-18.8.0-18.8.15 P-10605V-19.12.0-19.12.15 P-10605V-20.12.0-20.12.10 P-10605V-21.12.0-21.12.8 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Primavera Gateway Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917469.1 P-10605V-18.8.0-18.8.15 P-10605V-19.12.0-19.12.15 P-10605V-20.12.0-20.12.10 P-10605V-21.12.0-21.12.8 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (jackson-databind)). Supported versions that are affected are 18.8, 19.12, 20.12, 21.12 and 22.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 P-10354V-21.12 P-10354V-22.12 5.7 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Primavera Unifier Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917469.1 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 P-10354V-21.12 P-10354V-22.12 Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: Installation (jackson-databind)). Supported versions that are affected are 14.1.3.2, 15.0.3.1 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Service Backbone. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-10867V-14.1.3.2 P-10867V-15.0.3.1 P-10867V-16.0.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Retail Service Backbone Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915671.1 P-10867V-14.1.3.2 P-10867V-15.0.3.1 P-10867V-16.0.3 Security-in-Depth issue in Oracle Spatial Studio (component: Oracle Spatial Studio (jackson-databind)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-42003 P-13600V-Prior to 22.3.0 0.0 Oracle Spatial Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-13600V-Prior to 22.3.0 Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: General (jackson-databind)). Supported versions that are affected are 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0 and 4.5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-42003 P-2245V-4.3.0.5.0 P-2245V-4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 P-2245V-4.4.0.3.0 P-2245V-4.5.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Utilities Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915778.1 P-2245V-4.3.0.5.0 P-2245V-4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 P-2245V-4.4.0.3.0 P-2245V-4.5.0.0.0 Security-in-Depth issue in the Oracle Global Lifecycle Management OPatchAuto product of Oracle Global Lifecycle Management (component: Database extensions (jackson-databind)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-42004 P-12752V-DB: Prior to 12.2.0.1.32 0.0 Oracle Global Lifecycle Management OPatchAuto Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-12752V-DB: Prior to 12.2.0.1.32 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-42252 P-4461V-9.3.6 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Agile PLM Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915508.1 P-4461V-9.3.6 Security-in-Depth issue in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Big Data Graph (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-42252 P-11528V-Prior to 23.1.0 0.0 Big Data Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-11528V-Prior to 23.1.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Apache Tomcat)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-42252 P-14121V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.3.0 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Apache Tomcat)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-42252 P-14277V-22.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919044.1 P-14277V-22.3.0 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-42252 P-10899V-8.6.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919053.1 P-10899V-8.6.0.0 Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications Applications (component: DBPlugin (Apache Tomcat)). The supported version that is affected is 10.0.1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Instant Messaging Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-42252 P-8495V-10.0.1.6.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Communications Instant Messaging Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916529.1 P-8495V-10.0.1.6.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Integration (Apache Tomcat)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-42252 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916530.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (Apache Tomcat)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Crime and Compliance Management Studio accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-42252 P-13595V-8.0.8.3.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Financial Services Crime and Compliance Management Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917625.1 P-13595V-8.0.8.3.1 Security-in-Depth issue in Oracle Graph Server and Client (component: Packaging/install (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-42252 P-14069V-Prior to 23.1.0 0.0 Oracle Graph Server and Client Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-14069V-Prior to 23.1.0 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2022-42252 P-8480V-8.0.32 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MySQL Enterprise Monitor Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8480V-8.0.32 and prior Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Analytics. Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917214.2 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications (component: Security (Apache Commons Text)). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Elastic Charging Engine. Successful attacks of this vulnerability can result in takeover of Oracle Communications Elastic Charging Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-9742V-12.0.0.3.0-12.0.0.7.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Elastic Charging Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916540.1 P-9742V-12.0.0.3.0-12.0.0.7.0 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Apache Commons Text)). Supported versions that are affected are 22.3.4 and 22.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-14119V-22.3.4 P-14119V-22.2.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Unified Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919035.1 P-14119V-22.3.4 P-14119V-22.2.3 Vulnerability in the Oracle Communications Design Studio product of Oracle Communications Applications (component: PSR Designer (Apache Commons Text)). The supported version that is affected is 7.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Design Studio. Successful attacks of this vulnerability can result in takeover of Oracle Communications Design Studio. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-2283V-7.4.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Design Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2918168.1 P-2283V-7.4.2 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (Apache Common Text)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-10899V-8.6.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Diameter Signaling Router Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919053.1 P-10899V-8.6.0.0 Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Installer (Apache Commons Text)). The supported version that is affected is 7.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-2270V-7.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Order and Service Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916532.1 P-2270V-7.4.0 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Commons Text)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Unified Assurance Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916530.1 P-14597V-5.5.0-5.5.9 P-14597V-6.0.0-6.0.1 Security-in-Depth issue in the Oracle Database SQLcl (Apache Commons Text) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-42889 P-5(Oracle Database SQLcl)V-19c P-5(Oracle Database SQLcl)V-21c 0.0 Oracle Database SQLcl (Apache Commons Text) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5(Oracle Database SQLcl)V-19c P-5(Oracle Database SQLcl)V-21c Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Management Agent (Apache Commons Text)). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-1370V-13.4.0.0 P-1370V-13.5.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Enterprise Manager Base Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906900.1 P-1370V-13.4.0.0 P-1370V-13.5.0.0 Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Commons Text)). The supported version that is affected is 11.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-4392V-11.2.10 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Hyperion Infrastructure Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2775466.2 P-4392V-11.2.10 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (Apache Commons Text)). Supported versions that are affected are Prior to 9.2.7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Orchestrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-11681V-Prior to 9.2.7.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H JD Edwards EnterpriseOne Orchestrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915506.1 P-11681V-Prior to 9.2.7.2 Vulnerability in the Management Cloud Engine product of Oracle Communications (component: Security (Apache Commons Text)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in takeover of Management Cloud Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-14252V-22.1.0.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Management Cloud Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919078.1 P-14252V-22.1.0.0.0 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Apache Commons Text)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-4647V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-4647V-12.2.1.4.0 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Apache Commons Text)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-10605V-18.8.0-18.8.15 P-10605V-19.12.0-19.12.15 P-10605V-20.12.0-20.12.10 P-10605V-21.12.0-21.12.8 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Primavera Gateway Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917469.1 P-10605V-18.8.0-18.8.15 P-10605V-19.12.0-19.12.15 P-10605V-20.12.0-20.12.10 P-10605V-21.12.0-21.12.8 Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: General (Apache Commons Text)). Supported versions that are affected are 4.4.0.3.0 and 4.5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Framework. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-2245V-4.4.0.3.0 P-2245V-4.5.0.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Utilities Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915778.1 P-2245V-4.4.0.3.0 P-2245V-4.5.0.0.0 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server (Apache Commons Text)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42889 P-2271V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle WebCenter Content Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-2271V-12.2.1.4.0 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (cURL)). The supported version that is affected is 22.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42915 P-14121V-22.1.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Cloud Native Core Binding Support Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919016.1 P-14121V-22.1.1 Vulnerability in Oracle Essbase (component: Infrastructure (cURL)). The supported version that is affected is 21.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in takeover of Oracle Essbase. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42915 P-4379V-21.4 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Oracle Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-4379V-21.4 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Third party Jars (Apache Commons BCEL)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-42920 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Jenkins Script)). The supported version that is affected is 22.3.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. While the vulnerability is in Oracle Communications Cloud Native Core Unified Data Repository, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2022-43403 P-14119V-22.3.3 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Oracle Communications Cloud Native Core Unified Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919035.1 P-14119V-22.3.3 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-43548 P-13497V-Oracle GraalVM Enterprise Edition:20.3.8 P-13497V-Oracle GraalVM Enterprise Edition:21.3.4 P-13497V-Oracle GraalVM Enterprise Edition:22.3.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917310.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.8 P-13497V-Oracle GraalVM Enterprise Edition:21.3.4 P-13497V-Oracle GraalVM Enterprise Edition:22.3.0 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Centralized Third-party Jars (Libexpat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-43680 P-4647V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-4647V-12.2.1.4.0 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (LibExpat)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2022-43680 P-2276V-8.5.6 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-2276V-8.5.6 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: End-User Documentation (Apache Mina SSHD)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-2545V-14.1.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Coherence Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-2545V-14.1.1.0.0 Security-in-Depth issue in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Apache MINA SSHD)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-45047 P-14250V-22.3.0 P-14250V-22.4.0 0.0 Oracle Communications Cloud Native Core Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919017.1 P-14250V-22.3.0 P-14250V-22.4.0 Security-in-Depth issue in the Oracle Database Portable Clusterware (Apache Mina SSHD) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-45047 P-5(Oracle Database Portable Clusterware)V-21c 0.0 Oracle Database Portable Clusterware (Apache Mina SSHD) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5(Oracle Database Portable Clusterware)V-21c Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues (Apache Mina SSHD)). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management NextGen OUI Framework. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-12738V-Prior to 13.9.4.2.11 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Global Lifecycle Management NextGen OUI Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-12738V-Prior to 13.9.4.2.11 Security-in-Depth issue in the Oracle Global Lifecycle Management OPatchAuto product of Oracle Global Lifecycle Management (component: Database extensions (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-45047 P-12752V-DB: Prior to 12.2.0.1.35 0.0 Oracle Global Lifecycle Management OPatchAuto Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-12752V-DB: Prior to 12.2.0.1.35 Vulnerability in the Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: RDA - Remote Diagnostic Agent (Apache Mina SSHD)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Middleware Common Libraries and Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-4647V-12.2.1.4.0 P-4647V-14.1.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Middleware Common Libraries and Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-4647V-12.2.1.4.0 P-4647V-14.1.1.0.0 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant (Apache Mina SSHD)). The supported version that is affected is 2.12.43. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-1330(Diagnostic Assistant)V-2.12.43 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OSS Support Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919775.1 P-1330(Diagnostic Assistant)V-2.12.43 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: RDA - Remote Diagnostic Agent (Apache MINA SSHD)). The supported version that is affected is 22.4.22.10.18. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-1330(RDA - Remote Diagnostic Agent)V-22.4.22.10.18 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OSS Support Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919775.1 P-1330(RDA - Remote Diagnostic Agent)V-22.4.22.10.18 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Services Tools Bundle (Apache Mina SSHD)). The supported version that is affected is 22.2.22.4.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2022-45047 P-1330(Services Tools Bundle)V-22.2.22.4.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OSS Support Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919775.1 P-1330(Services Tools Bundle)V-22.2.22.4.5 Security-in-Depth issue in the Oracle SQLcl (Apache Mina SSHD) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2022-45047 P-13824V-19c P-13824V-21c 0.0 Oracle SQLcl (Apache Mina SSHD) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-13824V-19c P-13824V-21c Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21824 P-9742V-12.0.0.3.0-12.0.0.7.0 4.4 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Oracle Communications BRM - Elastic Charging Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916540.1 P-9742V-12.0.0.3.0-12.0.0.7.0 Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Supplier Management). Supported versions that are affected are 12.2.6-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupplier Portal accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2023-21825 P-208V-12.2.6-12.2.8 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Oracle iSupplier Portal Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-208V-12.2.6-12.2.8 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H). Security patch has been released CVE-2023-21826 P-11599V-9.1.0 7.6 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H Oracle Hospitality Reporting and Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2913273.1 P-11599V-9.1.0 Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2023-21827 P-5(Oracle Database Data Redaction)V-19c P-5(Oracle Database Data Redaction)V-21c 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Oracle Database Data Redaction Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5(Oracle Database Data Redaction)V-19c P-5(Oracle Database Data Redaction)V-21c Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2023-21828 P-11599V-9.1.0 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Oracle Hospitality Reporting and Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2913273.1 P-11599V-9.1.0 Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N). Security patch has been released CVE-2023-21829 P-5(Oracle Database RDBMS Security)V-19c P-5(Oracle Database RDBMS Security)V-21c 6.3 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N Oracle Database RDBMS Security Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-5(Oracle Database RDBMS Security)V-19c P-5(Oracle Database RDBMS Security)V-21c Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2023-21830 P-856V-Oracle Java SE:8u351 P-856V-Oracle Java SE:8u351-perf P-13497V-Oracle GraalVM Enterprise Edition:20.3.8 P-13497V-Oracle GraalVM Enterprise Edition:21.3.4 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Oracle Java SE, Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917310.1 P-856V-Oracle Java SE:8u351 P-856V-Oracle Java SE:8u351-perf P-13497V-Oracle GraalVM Enterprise Edition:20.3.8 P-13497V-Oracle GraalVM Enterprise Edition:21.3.4 Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Academic Advisement. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Academic Advisement accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2023-21831 P-5181V-9.2 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N PeopleSoft Enterprise CS Academic Advisement Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-5181V-9.2 Vulnerability in the Oracle BI Publisher component of Oracle Analytics. Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker having Security privilege with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21832 P-1479V-5.9.0.0.0 P-1479V-6.4.0.0.0 P-1479V-12.2.1.4.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle BI Publisher Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917214.2 P-1479V-5.9.0.0.0 P-1479V-6.4.0.0.0 P-1479V-12.2.1.4.0 Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workflow, Approval, Work Force Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Self-Service Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Self-Service Human Resources accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2023-21834 P-1566V-12.2.3-12.2.12 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Oracle Self-Service Human Resources Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-1566V-12.2.3-12.2.12 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2023-21835 P-856V-Oracle Java SE:11.0.17 P-856V-Oracle Java SE:17.0.5 P-856V-Oracle Java SE:19.0.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.8 P-13497V-Oracle GraalVM Enterprise Edition:21.3.4 P-13497V-Oracle GraalVM Enterprise Edition:22.3.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Oracle Java SE, Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917310.1 P-856V-Oracle Java SE:11.0.17 P-856V-Oracle Java SE:17.0.5 P-856V-Oracle Java SE:19.0.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.8 P-13497V-Oracle GraalVM Enterprise Edition:21.3.4 P-13497V-Oracle GraalVM Enterprise Edition:22.3.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21836 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21837 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21838 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21839 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21840 P-8478V-5.7.40 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-5.7.40 and prior Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21841 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21842 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Oracle WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2023-21843 P-856V-Oracle Java SE:8u351 P-856V-Oracle Java SE:8u351-perf P-856V-Oracle Java SE:11.0.17 P-856V-Oracle Java SE:17.0.5 P-856V-Oracle Java SE:19.0.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.8 P-13497V-Oracle GraalVM Enterprise Edition:21.3.4 P-13497V-Oracle GraalVM Enterprise Edition:22.3.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Oracle Java SE, Oracle GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917310.1 P-856V-Oracle Java SE:8u351 P-856V-Oracle Java SE:8u351-perf P-856V-Oracle Java SE:11.0.17 P-856V-Oracle Java SE:17.0.5 P-856V-Oracle Java SE:19.0.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.8 P-13497V-Oracle GraalVM Enterprise Edition:21.3.4 P-13497V-Oracle GraalVM Enterprise Edition:22.3.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-21844 P-5085V-8.59 P-5085V-8.60 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-5085V-8.59 P-5085V-8.60 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). The supported version that is affected is 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2023-21845 P-5085(Panel Processor)V-8.60 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N PeopleSoft Enterprise PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915481.1 P-5085(Panel Processor)V-8.60 Vulnerability in the Oracle BI Publisher component of Oracle Analytics. Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker having Security privilege with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21846 P-1479V-5.9.0.0.0 P-1479V-6.4.0.0.0 P-1479V-12.2.1.4.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle BI Publisher Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917214.2 P-1479V-5.9.0.0.0 P-1479V-6.4.0.0.0 P-1479V-12.2.1.4.0 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Download). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-21847 P-1171V-12.2.3-12.2.12 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Oracle Web Applications Desktop Integrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-1171V-12.2.3-12.2.12 Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergence. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21848 P-8501V-3.0.3.1.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Oracle Communications Convergence Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2916529.1 P-8501V-3.0.3.1.0 Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2023-21849 P-166V-12.2.3-12.2.12 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Applications DBA Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-166V-12.2.3-12.2.12 Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2023-21850 P-2100V-12.1 P-2100V-12.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Demantra Demand Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2915508.1 P-2100V-12.1 P-2100V-12.2 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2023-21851 P-229V-12.2.3-12.2.12 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Marketing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-229V-12.2.3-12.2.12 Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: Setup). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Learning Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Learning Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2023-21852 P-937V-12.2.3-12.2.12 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Learning Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-937V-12.2.3-12.2.12 Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Synchronization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Mobile Field Service accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2023-21853 P-753V-12.2.3-12.2.12 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Mobile Field Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-753V-12.2.3-12.2.12 Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Core Components). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales Offline. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sales Offline accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2023-21854 P-1009V-12.2.3-12.2.12 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Sales Offline Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-1009V-12.2.3-12.2.12 Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales for Handhelds. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sales for Handhelds accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2023-21855 P-186V-12.2.3-12.2.12 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Sales for Handhelds Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-186V-12.2.3-12.2.12 Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSetup. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle iSetup accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2023-21856 P-841V-12.2.3-12.2.12 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle iSetup Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-841V-12.2.3-12.2.12 Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Auomated Test Suite). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM Common Architecture. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HCM Common Architecture accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2023-21857 P-2021V-12.2.3-12.2.12 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle HCM Common Architecture Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-2021V-12.2.3-12.2.12 Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: Installation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Collaborative Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Collaborative Planning accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2023-21858 P-1037V-12.2.3-12.2.12 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Oracle Collaborative Planning Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2484000.1 P-1037V-12.2.3-12.2.12 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Access Manager executes to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2023-21859 P-5565V-12.2.1.4.0 4.4 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Oracle Access Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-5565V-12.2.1.4.0 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). Supported versions that are affected are 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior and 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21860 P-8479V-7.4.38 and prior P-8479V-7.5.28 and prior P-8479V-7.6.24 and prior P-8479V-8.0.31 and prior 6.3 AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H MySQL Cluster Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8479V-7.4.38 and prior P-8479V-7.5.28 and prior P-8479V-7.6.24 and prior P-8479V-8.0.31 and prior Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Analytics. Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker having Visual Analyzer privilege with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-21861 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917214.2 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: XML Security component). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Web Services Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Web Services Manager accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). Security patch has been released CVE-2023-21862 P-1775V-12.2.1.4.0 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Oracle Web Services Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-1775V-12.2.1.4.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21863 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21864 P-8478V-8.0.30 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.30 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21865 P-8478V-8.0.30 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.30 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21866 P-8478V-8.0.28 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.28 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21867 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21868 P-8478V-8.0.31 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2023-21869 P-8478V-8.0.31 and prior 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21870 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21871 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2023-21872 P-8478V-8.0.29 and prior 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.29 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21873 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2023-21874 P-8478V-8.0.30 and prior 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.30 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H). Security patch has been released CVE-2023-21875 P-8478V-8.0.31 and prior 5.9 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21876 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2023-21877 P-8478V-8.0.31 and prior 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21878 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21879 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2023-21880 P-8478V-8.0.31 and prior 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21881 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2023-21882 P-8478V-8.0.31 and prior 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21883 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21884 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 4.4 AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919776.1 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Applies to Windows only. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). Security patch has been released CVE-2023-21885 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919776.1 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21886 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919776.1 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21887 P-8478V-8.0.31 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917170.1 P-8478V-8.0.31 and prior Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-21888 P-10605V-18.8.0-18.8.15 P-10605V-19.12.0-19.12.15 P-10605V-20.12.0-20.12.10 P-10605V-21.12.0-21.12.8 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Primavera Gateway Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917469.1 P-10605V-18.8.0-18.8.15 P-10605V-19.12.0-19.12.15 P-10605V-20.12.0-20.12.10 P-10605V-21.12.0-21.12.8 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). Security patch has been released CVE-2023-21889 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919776.1 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle Communications Converged Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Application Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21890 P-5382V-7.1.0 P-5382V-8.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Oracle Communications Converged Application Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919079.1 P-5382V-7.1.0 P-5382V-8.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Analytics. Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker having Visual Analyzer privilege with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-21891 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917214.2 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Analytics. Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker having Visual Analyzer privilege with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2023-21892 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Oracle Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917214.2 P-2025V-5.9.0.0.0 P-2025V-6.4.0.0.0 Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET. Note: Applies also to Database client-only on Windows platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21893 P-1321V-19c P-1321V-21c 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Oracle Data Provider for .NET Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2906899.1 P-1321V-19c P-1321V-21c Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management NextGen OUI Framework executes to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management NextGen OUI Framework. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2023-21894 P-12738V-Prior to 13.9.4.2.11 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Oracle Global Lifecycle Management NextGen OUI Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2917213.2 P-12738V-Prior to 13.9.4.2.11 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21898 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919776.1 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2023-21899 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Oracle VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2919776.1 P-8370V-Prior to 6.1.42 P-8370V-prior to 7.0.6 Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 4.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L). Security patch has been released CVE-2023-21900 P-10006V-10 P-10006V-11 4.0 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L Oracle Solaris Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2920776.1 P-10006V-10 P-10006V-11